{"api_version":"1","generated_at":"2026-06-01T18:47:31+00:00","cve":"CVE-2021-41688","urls":{"html":"https://cve.report/CVE-2021-41688","api":"https://cve.report/api/cve/CVE-2021-41688.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-41688","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-41688"},"summary":{"title":"CVE-2021-41688","description":"DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-06-28 13:15:00","updated_at":"2022-07-06 19:44:00"},"problem_types":["CWE-415"],"metrics":[],"references":[{"url":"https://github.com/DCMTK/dcmtk","name":"https://github.com/DCMTK/dcmtk","refsource":"MISC","tags":[],"title":"GitHub - DCMTK/dcmtk: Official DCMTK Github Mirror","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","name":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","refsource":"MISC","tags":[],"title":"Fixed poss. NULL pointer dereference/double free. · DCMTK/dcmtk@a9697df · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-41688","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41688","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"41688","vulnerable":"1","versionEndIncluding":"3.6.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"offis","cpe5":"dcmtk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-41688","qid":"183850","title":"Debian Security Update for dcmtk (CVE-2021-41688)"},{"cve":"CVE-2021-41688","qid":"199499","title":"Ubuntu Security Notification for DCMTK Vulnerabilities (USN-5882-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-41688","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/DCMTK/dcmtk","refsource":"MISC","name":"https://github.com/DCMTK/dcmtk"},{"refsource":"MISC","name":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb","url":"https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"}]}},"nvd":{"publishedDate":"2022-06-28 13:15:00","lastModifiedDate":"2022-07-06 19:44:00","problem_types":["CWE-415"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"41688","Ordinal":"217492","Title":"CVE-2021-41688","CVE":"CVE-2021-41688","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"41688","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}