Security Advisory
CVE-2022-2119
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
OFFIS DCMTKs (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.