Bug #1191
closed
Stack Overflow via Deeply Nested DICOM Sequences
0%
Description
Received by email from the IN-CYPHER OSS Security Team (2026-03-09):
Subject: IC-DCMTK-0003: Stack Overflow via Deeply Nested DICOM Sequences
Version: DCMTK master 418274445 (DCMTK-3.7.0+64)
CWE: CWE-674 (Uncontrolled Recursion)
This report describes a stack overflow in the
binary DICOM parser caused by unbounded mutual recursion between
DcmSequenceOfItems::read() and DcmItem::read(). A crafted DICOM file
containing approximately 1,060 levels of nested sequences (using tag
(0040,A730) Content Sequence) exhausts the call stack, crashing any
DCMTK-based application that parses the file. The PoC is only ~40 KB and
affects all DICOM parsing operations including dcmdump, network
services, and PACS servers. No recursion depth limit exists anywhere in
the call chain.
Please find the detailed report, proof-of-concept, and sanitizer output
in the attachments.
Files
Updated by Michael Onken 21 days ago
- Status changed from New to Closed
Closed with commit 885ff0f10.