CVE-2025-25475

dcmtk: NULL Pointer Dereference in DCMTK dcrleccd.cc Leading to DoS

Description

A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.

INFO

Published Date :

2025-02-18T00:00:00.000Z

Last Modified :

2025-11-03T19:45:08.178Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-25475 vulnerability.

Vendors	Products
Debian	Debian Linux
Offis	Dcmtk

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25475.

URL	Resource
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
https://github.com/DCMTK/dcmtk/commit/bffa3e9116abb7038b432443f16b1bd390e80245
https://lists.debian.org/debian-lts-announce/2025/06/msg00025.html
https://nvd.nist.gov/vuln/detail/CVE-2025-25475
https://www.cve.org/CVERecord?id=CVE-2025-25475

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact