PatchSiren cyber security CVE debrief

CVE-2026-12805 OFFIS CVE debrief

CVE-2026-12805 is a heap-based buffer overflow vulnerability in OFFIS DCMTK versions up to 3.7.0. The flaw is in the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc and can be exploited remotely. The CVSS score is 2.1, indicating low severity. The vendor responded professionally and released a fixed version quickly. To limit exposure, defenders should prioritize patching.

Vendor: OFFIS
Product: DCMTK
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-21
Original CVE updated: 2026-06-21
Advisory published: 2026-06-21
Advisory updated: 2026-06-21

Who should care

Defenders of systems running OFFIS DCMTK up to 3.7.0 should be aware of this vulnerability. Given the low CVSS score it may not be a priority for everyone, but teams with DCMTK exposure should review and apply the patch as part of regular maintenance. This matters most in environments where remote exploitation could have significant impact.

Technical summary

The vulnerability is in the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc of OFFIS DCMTK up to 3.7.0. Manipulation of the input handled by that function leads to a heap-based buffer overflow, which can potentially be exploited remotely. The patch for this issue is 1d4b3815c0987840a983160bfc671fef63a3105b. The CVSS vector is:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Read as CVSS 4.0 metrics, this describes a network-reachable issue with low attack complexity, no attack requirements, no privileges required and passive user interaction, with low confidentiality, integrity and availability impact on the vulnerable system and no impact on subsequent systems; the E:P value records that a proof-of-concept exploit exists.

Defensive priority

Low severity, but prioritize patching for exposed systems

Recommended defensive actions

  • Apply the patch 1d4b3815c0987840a983160bfc671fef63a3105b to DCMTK installations
  • Review and update DCMTK to a release later than 3.7.0 that contains the fix, where possible
  • Inventory systems for DCMTK usage and exposure
  • Monitor for unusual activity related to DCMTK
  • Review compensating controls for environments unable to patch immediately

Evidence notes

The primary evidence is the CVE-2026-12805 record and the source item from nvd_modified. The affected product is OFFIS DCMTK up to 3.7.0, specifically the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc. Defenders should verify DCMTK versions and apply patches or updates as available from the vendor. The exploit has been published, increasing the urgency for patching.

Official resources

This article is AI-assisted and based on the supplied source corpus.