Activity - Marco Eichelberg - OFFIS DCMTK and DICOM Projects

Marco Eichelberg's activity

From 2026-03-12 to 2026-04-10

2026-04-10

17:09 DCMTK Feature #1203 (New): Remove DCMTK specific implementations of STL classes: For DCMTK 3.7.2, the DCMTK specific implementations of STL classes such as string, list, vector, stack etc. should be... Marco Eichelberg
17:07 DCMTK Feature #1202 (New): Remove C++98 support and enable STL by default: In DCMTK 3.7.1, support for C++ 98, which is already deprecated, should be completely removed. A C++ language level o... Marco Eichelberg

2026-04-07

10:33 DCMTK Bug #1194: OS command injection vulnerability in storescp --exec-on-reception: This issue has been assigned CVE number CVE-2026-5663 (https://vuldb.com/vuln/355486).
Marco Eichelberg

2026-04-04

09:06 DCMTK Bug #1188 (Closed): Assertion failure in JPEG-LS encoder: Closed by commit #08c4c8734.
Marco Eichelberg

2026-03-29

14:51 DCMTK Bug #1198 (Closed): Path Traversal in JSON Bulkdata Loading: Closed by commit #969c4b6f2.
Marco Eichelberg
10:05 DCMTK Bug #1197 (Closed): Uninitialized Memory Read in JSMN Token Array: Closed by commit #ae94a3d75.
Marco Eichelberg
09:03 DCMTK Bug #1196 (Closed): SEGV via OOB Read in DcmJSONReader getTokenContent: Closed by commit #4add0621b (i.e. the same commit that also closed DCMTK issue #1193.) Marco Eichelberg

2026-03-28

20:08 DCMTK Bug #1195 (Closed): Heap OOB Read via PersonName Path in DcmJSONReader: Closed by commit #4add0621b (i.e. the same commit that also closed DCMTK issue #1193.) Marco Eichelberg
18:22 DCMTK Bug #1193 (Closed): Heap OOB Read in DcmJSONReader getTokenContent: Closed by commit #4add0621b.
Marco Eichelberg

2026-03-24

09:21 DCMTK Bug #1194: OS command injection vulnerability in storescp --exec-on-reception: Also see: https://machinespirits.com/advisory/2e1627/
Marco Eichelberg

2026-03-21

18:35 DCMTK Bug #1194 (Closed): OS command injection vulnerability in storescp --exec-on-reception: Closed by DCMTK commit #edbb085e4.
Marco Eichelberg
18:23 DCMTK Bug #1194: OS command injection vulnerability in storescp --exec-on-reception: This vulnerability only affects the @storescp@ command line tool, not the underlying libraries. The vulnerability is ... Marco Eichelberg

2026-03-14

17:40 DCMTK Bug #1194 (Closed): OS command injection vulnerability in storescp --exec-on-reception: Three placeholder tokens used in the shell command execution feature (#f , #p , #r) are derived from attacker-control... Marco Eichelberg

Also available in: Atom