dcmtk-3.7.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10006-1 Final 1 1 2026-01-05T00:00:00Z current 2026-01-05T00:00:00Z 2026-01-05T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dcmtk-3.7.0-1.1 on GA media These are all security issues fixed in the dcmtk-3.7.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10006 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-14607/ SUSE CVE CVE-2025-14607 page https://www.suse.com/security/cve/CVE-2025-14841/ SUSE CVE CVE-2025-14841 page openSUSE Tumbleweed dcmtk-3.7.0-1.1 dcmtk-devel-3.7.0-1.1 libdcmtk20-3.7.0-1.1 dcmtk-3.7.0-1.1 as a component of openSUSE Tumbleweed dcmtk-devel-3.7.0-1.1 as a component of openSUSE Tumbleweed libdcmtk20-3.7.0-1.1 as a component of openSUSE Tumbleweed A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component. CVE-2025-14607 openSUSE Tumbleweed:dcmtk-3.7.0-1.1 openSUSE Tumbleweed:dcmtk-devel-3.7.0-1.1 openSUSE Tumbleweed:libdcmtk20-3.7.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14607.html CVE-2025-14607 https://bugzilla.suse.com/1255464 SUSE Bug 1255464 A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component. CVE-2025-14841 openSUSE Tumbleweed:dcmtk-3.7.0-1.1 openSUSE Tumbleweed:dcmtk-devel-3.7.0-1.1 openSUSE Tumbleweed:libdcmtk20-3.7.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-14841.html CVE-2025-14841 https://bugzilla.suse.com/1255292 SUSE Bug 1255292