OFFIS DCMTK and DICOM Projects

2026-04-10

17:09 DCMTK Feature #1203 (New): Remove DCMTK specific implementations of STL classes

For DCMTK 3.7.2, the DCMTK specific implementations of STL classes such as string, list, vector, stack etc. should be... Marco Eichelberg

17:07 DCMTK Feature #1202 (New): Remove C++98 support and enable STL by default

In DCMTK 3.7.1, support for C++ 98, which is already deprecated, should be completely removed. A C++ language level o... Marco Eichelberg

2026-04-07

10:33 DCMTK Bug #1194: OS command injection vulnerability in storescp --exec-on-reception

This issue has been assigned CVE number CVE-2026-5663 (https://vuldb.com/vuln/355486).
Marco Eichelberg

2026-04-04

09:06 DCMTK Bug #1188 (Closed): Assertion failure in JPEG-LS encoder

Closed by commit #08c4c8734.
Marco Eichelberg

2026-03-29

14:51 DCMTK Bug #1198 (Closed): Path Traversal in JSON Bulkdata Loading

Closed by commit #969c4b6f2.
Marco Eichelberg

10:05 DCMTK Bug #1197 (Closed): Uninitialized Memory Read in JSMN Token Array

Closed by commit #ae94a3d75.
Marco Eichelberg

09:03 DCMTK Bug #1196 (Closed): SEGV via OOB Read in DcmJSONReader getTokenContent

Closed by commit #4add0621b (i.e. the same commit that also closed DCMTK issue #1193.) Marco Eichelberg

2026-03-28

20:08 DCMTK Bug #1195 (Closed): Heap OOB Read via PersonName Path in DcmJSONReader

Closed by commit #4add0621b (i.e. the same commit that also closed DCMTK issue #1193.) Marco Eichelberg

18:22 DCMTK Bug #1193 (Closed): Heap OOB Read in DcmJSONReader getTokenContent

Closed by commit #4add0621b.
Marco Eichelberg

2026-03-24

09:21 DCMTK Bug #1194: OS command injection vulnerability in storescp --exec-on-reception

Also see: https://machinespirits.com/advisory/2e1627/
Marco Eichelberg