HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-50254Published Modified CNA icscert

CVE-2026-50254: OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.

Metrics

CVSS v4.0
8.7
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

Affected packages
  • OFFIS DICOM / DCMTK Toolkit
    ≤ 3.7.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N