OFFIS DCMTK Toolkit

Summary

CISA has released an alert regarding multiple critical vulnerabilities (CVE-2026-50003, CVE-2026-50254, CVE-2026-35505, CVE-2026-52868, CVE-2026-44628) in OFFIS DCMTK Toolkit versions <=3.7.0. Successful exploitation could allow attackers to write files, access unauthorized information, exhaust memory, or crash client/server processes. A fix has been provided in the latest GitHub commits for the toolkit.

IFF Assessment

FOE

Multiple critical vulnerabilities with a CVSS score of 9.8 in a widely used toolkit present a significant risk; their impact includes unauthorized file writing and system crashes.

Severity

9.8 Critical

The article explicitly states a CVSS v3 score of 9.8. This high score is due to vulnerabilities such as path traversal, memory release issues, and type confusion, which can lead to critical impacts like arbitrary file writing, denial of service, and unauthorized information access, likely with low attack complexity.

Defender Context

Defenders, especially those in the Healthcare and Public Health sectors, must immediately assess their environments for the presence of OFFIS DCMTK Toolkit versions <=3.7.0. It is critical to apply the available fix by updating to the latest GitHub release to prevent potential exploitation leading to unauthorized access, data manipulation, or denial of service on systems utilizing this toolkit. Organizations should also consider implementing network segmentation and strict access controls for systems using DCMTK.
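The version triage the paragraph above calls for, as an added example that is not from the advisory or the DCMTK project: it parses the banner printed by a DCMTK command-line tool and flags builds at or below 3.7.0. The banner format (`$dcmtk: dcmdump v3.6.7 2022-07-19 $` on the first line of `dcmdump --version`) and the sample banners are assumptions and constructed inputs, not values from the page.

```python
import re
import subprocess
from typing import Optional, Tuple

# Threshold from the advisory: DCMTK versions <= 3.7.0 are affected.
AFFECTED_MAX_VERSION = (3, 7, 0)

# Assumed banner layout of DCMTK tools, e.g. "$dcmtk: dcmdump v3.6.7 2022-07-19 $".
BANNER_RE = re.compile(r"\$dcmtk:\s+\S+\s+v(\d+)\.(\d+)\.(\d+)")

# Constructed sample banners (not real inventory data) to exercise the checks offline.
SAMPLE_BANNERS = [
    "$dcmtk: dcmdump v3.6.7 2022-07-19 $",
    "$dcmtk: storescp v3.7.0 2024-01-01 $",
    "$dcmtk: dcmdump v3.7.1 2026-01-01 $",
    "dcmdump: command not found",
]


def parse_dcmtk_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a DCMTK version banner, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the reported version is within the advisory's affected range."""
    return version <= AFFECTED_MAX_VERSION


def assess_banner(banner: str) -> str:
    """Classify one banner. A 3.7.0 string cannot show whether the build
    already carries the GitHub fix commits, so such hosts still need a
    source/commit check rather than a version-string pass."""
    v = parse_dcmtk_version(banner)
    if v is None:
        return "unknown: could not parse DCMTK version banner"
    ver = ".".join(map(str, v))
    return f"affected: DCMTK {ver}" if is_affected(v) else f"not affected by version: DCMTK {ver}"


def assess_host(tool: str = "dcmdump") -> str:
    """Run `<tool> --version` on this host and classify the result."""
    try:
        out = subprocess.run([tool, "--version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return f"not installed or unreachable: {tool}"
    return assess_banner(out.stdout + out.stderr)


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(assess_banner(b))
```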
