cvelistv5 - cve-2022-2120

CVE-2022-2120 (GCVE-0-2022-2120)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-11-03 19:26

Summary

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-23 - Relative Path Traversal

Assigner

icscert

References

URL

	Vendor	Product	Version
	OFFIS	DCMTK	Affected: unspecified , < 3.6.7 (custom)

OPENSUSE-SU-2023:0108-1

Vulnerability from csaf_opensuse - Published: 2023-05-14 22:01 - Updated: 2023-05-14 22:01

Summary

Security update for dcmtk

Notes

Title of the patch

Security update for dcmtk

Description of the patch

This update for dcmtk fixes the following issues: - CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070) - Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637, CVE-2022-2121, CVE-2022-2120, CVE-2022-2119) - CVE-2022-2121: Fixed possible DoS via NULL pointer dereference - CVE-2022-2120: Fixed relative path traversal vulnerability - CVE-2022-2119: Fixed path traversal vulnerability See DOCS/CHANGES.367 for the full list of changes * Updated code definitions for DICOM 2022b * Fixed possible NULL pointer dereference

Patchnames

openSUSE-2023-108

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dcmtk",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for dcmtk fixes the following issues:\n\n- CVE-2022-43272: Fixed memory leak via the T_ASC_Association object (boo#1206070)\n\n- Update to 3.6.7 (boo#1208639, boo#1208638, boo#1208637,\n  CVE-2022-2121, CVE-2022-2120, CVE-2022-2119)\n  - CVE-2022-2121: Fixed possible DoS via NULL pointer dereference\n  - CVE-2022-2120: Fixed relative path traversal vulnerability\n  - CVE-2022-2119: Fixed path traversal vulnerability\n\n  See DOCS/CHANGES.367 for the full list of changes\n\n  * Updated code definitions for DICOM 2022b\n  * Fixed possible NULL pointer dereference\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2023-108",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0108-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2023:0108-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKL5XGJX4U2PD4XAVAZG2YAU2LYKLQIH/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2023:0108-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKL5XGJX4U2PD4XAVAZG2YAU2LYKLQIH/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206070",
        "url": "https://bugzilla.suse.com/1206070"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208637",
        "url": "https://bugzilla.suse.com/1208637"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208638",
        "url": "https://bugzilla.suse.com/1208638"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208639",
        "url": "https://bugzilla.suse.com/1208639"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2119 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2120 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2120/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2121 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2121/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-43272 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-43272/"
      }
    ],
    "title": "Security update for dcmtk",
    "tracking": {
      "current_release_date": "2023-05-14T22:01:36Z",
      "generator": {
        "date": "2023-05-14T22:01:36Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2023:0108-1",
      "initial_release_date": "2023-05-14T22:01:36Z",
      "revision_history": [
        {
          "date": "2023-05-14T22:01:36Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.i586",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.i586",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.s390x",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.s390x",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
                "product": {
                  "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
                  "product_id": "dcmtk-3.6.7-bp154.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
                "product": {
                  "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
                  "product_id": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
                "product": {
                  "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
                  "product_id": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP4",
                "product": {
                  "name": "SUSE Package Hub 15 SP4",
                  "product_id": "SUSE Package Hub 15 SP4"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-3.6.7-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        },
        "product_reference": "libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-2119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2119",
          "url": "https://www.suse.com/security/cve/CVE-2022-2119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208637 for CVE-2022-2119",
          "url": "https://bugzilla.suse.com/1208637"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2022-2119"
    },
    {
      "cve": "CVE-2022-2120",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2120"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2120",
          "url": "https://www.suse.com/security/cve/CVE-2022-2120"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208638 for CVE-2022-2120",
          "url": "https://bugzilla.suse.com/1208638"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2022-2120"
    },
    {
      "cve": "CVE-2022-2121",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2121"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2121",
          "url": "https://www.suse.com/security/cve/CVE-2022-2121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208639 for CVE-2022-2121",
          "url": "https://bugzilla.suse.com/1208639"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-2121"
    },
    {
      "cve": "CVE-2022-43272",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-43272"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-43272",
          "url": "https://www.suse.com/security/cve/CVE-2022-43272"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206070 for CVE-2022-43272",
          "url": "https://bugzilla.suse.com/1206070"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:dcmtk-devel-3.6.7-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:libdcmtk17-3.6.7-bp154.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-05-14T22:01:36Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-43272"
    }
  ]
}

FKIE_CVE-2022-2120

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2025-11-03 20:15

Severity ?

7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	offis	dcmtk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DB814D-2ADD-41EA-A1CF-E2178623D6B3",
              "versionEndExcluding": "3.6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
    },
    {
      "lang": "es",
      "value": "El usuario de clase de servicio (SCU) de OFFIS DCMTK (todas las versiones anteriores a 3.6.7) es vulnerable a un salto de ruta relativo, lo que permite a un atacante escribir archivos DICOM en directorios arbitrarios bajo nombres controlados. Esto podr\u00eda permitir una ejecuci\u00f3n remota de c\u00f3digo"
    }
  ],
  "id": "CVE-2022-2120",
  "lastModified": "2025-11-03T20:15:53.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:10.743",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-2120

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-2120

Aliases

CVE-2022-2120

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-2120",
    "description": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
    "id": "GSD-2022-2120",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-2120.html",
      "https://ubuntu.com/security/CVE-2022-2120",
      "https://advisories.mageia.org/CVE-2022-2120.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-2120"
      ],
      "details": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
      "id": "GSD-2022-2120",
      "modified": "2023-12-13T01:19:19.587636Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2022-06-23T22:19:00.000Z",
        "ID": "CVE-2022-2120",
        "STATE": "PUBLIC",
        "TITLE": "OFFIS DCMTK Path Traversal"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DCMTK",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "3.6.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "OFFIS"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-23 Relative Path Traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
          }
        ]
      },
      "source": {
        "advisory": "ICSMA-22-174-01",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c3.6.7",
          "affected_versions": "All versions before 3.6.7",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-07-05",
          "description": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
          "fixed_versions": [],
          "identifier": "CVE-2022-2120",
          "identifiers": [
            "CVE-2022-2120"
          ],
          "not_impacted": "",
          "package_slug": "conan/dcmtk",
          "pubdate": "2022-06-24",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-2120",
            "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
          ],
          "uuid": "7d9dd5cc-cb8f-4246-aae6-fbdcafdd82a4"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2022-2120"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-05T17:26Z",
      "publishedDate": "2022-06-24T15:15Z"
    }
  }
}

GHSA-9HC9-VCHG-8P47

Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2025-11-03 21:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-2120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.",
  "id": "GHSA-9hc9-vchg-8p47",
  "modified": "2025-11-03T21:30:41Z",
  "published": "2022-06-25T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2120"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSMA-22-174-01

Vulnerability from csaf_cisa - Published: 2022-06-23 00:00 - Updated: 2022-06-23 00:00

Summary

OFFIS DCMTK

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Noam Moshe"
        ],
        "organization": "Claroty",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-22-174-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsma-22-174-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-22-174-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-174-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "OFFIS DCMTK",
    "tracking": {
      "current_release_date": "2022-06-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-22-174-01",
      "initial_release_date": "2022-06-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-06-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 3.6.7",
                "product": {
                  "name": "DCMTK: All versions prior to 3.6.7",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "DCMTK"
          }
        ],
        "category": "vendor",
        "name": "OFFIS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-2119",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product \u0027s service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.CVE-2022-2119 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2119"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OFFIS recommends all users update to Version 3.6.7 or later. For more information see Bug #1021",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.dcmtk.org/redmine/issues/1021"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-2120",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product \u0027s service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.CVE-2022-2120 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2120"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OFFIS recommends all users update to Version 3.6.7 or later. For more information see Bug #1021",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.dcmtk.org/redmine/issues/1021"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-2121",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.CVE-2022-2121 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2121"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OFFIS recommends all users update to Version 3.6.7 or later. For more information see Bug #1021",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.dcmtk.org/redmine/issues/1021"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-2120 (GCVE-0-2022-2120)

OPENSUSE-SU-2023:0108-1

FKIE_CVE-2022-2120

GSD-2022-2120

GHSA-9HC9-VCHG-8P47

ICSMA-22-174-01

Tags

Sightings

Nomenclature