https://bugzilla.suse.com/show_bug.cgi?id=1208638

Bug ID: 1208638
Summary: VUL-0: CVE-2022-2120: dcmtk: relative path traversal vulnerability
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/335511/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: kde-maintainers@suse.de
Reporter: gabriele.sonnu@suse.com
QA Contact: security-team@suse.de
CC: security-team@suse.de
Found By: Security Response Team
Blocker: ---

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is
vulnerable to relative path traversal, allowing an attacker to write DICOM
files into arbitrary directories under controlled names. This could allow
remote code execution.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2120
https://bugzilla.redhat.com/show_bug.cgi?id=2173041
https://www.cve.org/CVERecord?id=CVE-2022-2120
https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01