PatchSiren

OFFIS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW OFFIS CVE published 2026-06-21

CVE-2026-12805

CVE-2026-12805 is a heap-based buffer overflow vulnerability in OFFIS DCMTK up to 3.7.0. The issue is in the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc. This flaw can be exploited remotely. The CVSS score is 2.1, indicating a low severity. The vendor responded professionally and released a fixed version quickly. To limit exposure, defenders should prioritize patching.

MEDIUM OFFIS CVE published 2026-05-31

CVE-2026-10194

A heap-based buffer overflow vulnerability exists in OFFIS DCMTK 3.7.0 within the dcmqrscp component. The flaw resides in the DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages function in dcmqrdb/libsrc/dcmqrdbi.cc. A remote attacker can trigger this weakness through manipulation, resulting in heap memory corruption. The vulnerability is classified as MEDIUM severity with a CVSS score of 5.3. A patc [truncated]