{"api_version":"1","generated_at":"2026-06-01T19:45:03+00:00","cve":"CVE-2021-41687","urls":{"html":"https://cve.report/CVE-2021-41687","api":"https://cve.report/api/cve/CVE-2021-41687.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-41687","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-41687"},"summary":{"title":"CVE-2021-41687","description":"DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-06-28 13:15:00","updated_at":"2022-07-06 19:44:00"},"problem_types":["CWE-401"],"metrics":[],"references":[{"url":"https://github.com/DCMTK/dcmtk","name":"https://github.com/DCMTK/dcmtk","refsource":"MISC","tags":[],"title":"GitHub - DCMTK/dcmtk: Official DCMTK Github Mirror","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","name":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","refsource":"MISC","tags":[],"title":"Fixed poss. NULL pointer dereference/double free. · DCMTK/dcmtk@a9697df · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-41687","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41687","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"41687","vulnerable":"1","versionEndIncluding":"3.6.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"offis","cpe5":"dcmtk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-41687","qid":"181962","title":"Debian Security Update for dcmtk (CVE-2021-41687)"},{"cve":"CVE-2021-41687","qid":"199499","title":"Ubuntu Security Notification for DCMTK Vulnerabilities (USN-5882-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-41687","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/DCMTK/dcmtk","refsource":"MISC","name":"https://github.com/DCMTK/dcmtk"},{"refsource":"MISC","name":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"}]}},"nvd":{"publishedDate":"2022-06-28 13:15:00","lastModifiedDate":"2022-07-06 19:44:00","problem_types":["CWE-401"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"41687","Ordinal":"217491","Title":"CVE-2021-41687","CVE":"CVE-2021-41687","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"41687","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}