Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-36855— DCMTK dcmqrscp parseQuota stack-based overflow

CVSS 5.3 · Medium EPSS 0.03% · P9
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-36855

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
DCMTK dcmqrscp parseQuota stack-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
DCMTK 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DCMTK是DCMTK开源的一个实现大部分 DICOM 标准的库和应用程序的集合。用于检查、构建和转换 DICOM 图像文件、处理离线媒体、通过网络连接发送和接收图像的软件,以及演示图像存储和工作列表服务器。 DCMTK 3.6.5及之前版本存在安全漏洞,该漏洞源于对组件dcmqrscp中函数parseQuota的参数StorageQuota的错误操作,可能导致栈缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-DCMTK 3.6.0 -

II. Public POCs for CVE-2020-36855

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-36855

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-10-21 · 27 CVEs total

CVE-2025-605078.9 HIGHMoodle GeniAI plugin 安全漏洞
CVE-2022-49813.3 LOWDCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference
CVE-2025-60511Moodle OpenAI Chat Block plugin 安全漏洞
CVE-2025-52079D-Link DIR-820L 安全漏洞
CVE-2025-61457sharp 安全漏洞
CVE-2025-56802Reolink desktop application 安全漏洞
CVE-2025-56799Reolink desktop application 安全漏洞
CVE-2025-56801Reolink desktop application 安全漏洞
CVE-2025-56800Reolink desktop application 安全漏洞
CVE-2025-61255PHPGurukul Bank Locker Management System 安全漏洞
CVE-2025-60427Libretime 安全漏洞
CVE-2025-60790ProcessWire 安全漏洞
CVE-2025-60772NETLINK HG322G 安全漏洞
CVE-2025-60506Moodle PDF Annotator plugin 安全漏洞
CVE-2025-60500QDocs Smart School Management System 安全漏洞
CVE-2025-60280Bang Resto 安全漏洞
CVE-2025-61220MySecondLine 安全漏洞
CVE-2025-61181DaiCuo CMS 安全漏洞
CVE-2025-61194DaiCuo CMS 安全漏洞
CVE-2025-56450Spacecom Log2Space Subscriber Management Software 安全漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: DCMTK
Same vendor: n/a
Same weakness: CWE-121

V. Comments for CVE-2020-36855

No comments yet

Leave a comment