PatchSiren

OFFIS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM OFFIS CVE published 2026-05-31

CVE-2026-10194

A heap-based buffer overflow vulnerability exists in OFFIS DCMTK 3.7.0 within the dcmqrscp component. The flaw resides in the DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages function in dcmqrdb/libsrc/dcmqrdbi.cc. A remote attacker can trigger this weakness through manipulation, resulting in heap memory corruption. The vulnerability is classified as MEDIUM severity with a CVSS score of 5.3. A patc [truncated]