[Bug 1208637] New: VUL-0: CVE-2022-2119: dcmtk: path traversal vulnerability

https://bugzilla.suse.com/show_bug.cgi?id=1208637

Bug ID: 1208637
Summary: VUL-0: CVE-2022-2119: dcmtk: path traversal vulnerability
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/335512/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: kde-maintainers@suse.de
Reporter: gabriele.sonnu@suse.com
QA Contact: qa-bugs@suse.de
CC: security-team@suse.de
Found By: Security Response Team
Blocker: ---

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2119
https://bugzilla.redhat.com/show_bug.cgi?id=2173038
https://www.cve.org/CVERecord?id=CVE-2022-2119
https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1208637
https://bugzilla.suse.com/show_bug.cgi?id=1208637#c1

--- Comment #1 from Gabriele Sonnu <gabriele.sonnu@suse.com> ---
Only openSUSE:Backports:SLE-15-SP4/dcmtk (v3.6.6) is affected.

https://bugzilla.suse.com/show_bug.cgi?id=1208637

Gabriele Sonnu <gabriele.sonnu@suse.com> changed:

What       |Removed          |Added
----------------------------------------------------------------------------
QA Contact |qa-bugs@suse.de  |security-team@suse.de

https://bugzilla.suse.com/show_bug.cgi?id=1208637

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What     |Removed    |Added
----------------------------------------------------------------------------
Priority |P5 - None  |P3 - Medium