Debian 11: DCMTK Critical Memory Corruption Threat CVE-2025-9732 DLA-4363-1
debian lts
November 3, 2025
Several vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images
Summary
CVE-2025-9732
Processing of an invalid DICOM image with a Photometric
Interpretation of "YBR_FULL" and a Planar Configuration of "1" where
the number of pixels stored does not match the expected number of pixels.
This may lead to memory corruption.
CVE-2022-4981
Various issues in the dcmqrscp configuration file parser that could cause
application crashes when reading a malformed configuration file, due to
insufficient checks of the input data.
CVE-2020-36855
Stack-based overflow in the dcmqrscp config parser.
For Debian 11 bullseye, these problems have been fixed in version
3.6.5-1+deb11u5.
We recommend that you upgrade your dcmtk packages.
For the detailed security status of dcmtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/dcmtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: dcmtk
Version: 3.6.5-1+deb11u5
CVE ID: CVE-2020-36855 CVE-2022-4981 CVE-2025-9732
Debian Bug: 1113993
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!