What is CVE-2022-2119?

CVE-2022-2119 is a high-severity vulnerability in Offis Dcmtk, classified under Path Traversal. CVSS score: 7.5/10. Published 2022-06-24.

How severe is CVE-2022-2119?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Offis Dcmtk

CVE-2022-2119

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.057 (90.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Offis Dcmtk — versions unspecified

Weakness classification (CWE)

CWE-22 — Path Traversal

References

www.cisa.gov/uscert/ics/advisories/icsma-22-174-01 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-2119?: CVE-2022-2119 is a high-severity vulnerability in Offis Dcmtk, classified under Path Traversal. CVSS score: 7.5/10. Published 2022-06-24.
How severe is CVE-2022-2119?: High severity. CVSS v3 base score is 7.5 out of 10.