CVE-2013-6825 - DCMTK 3.6.1 - root privilege escalation

Hector Marco, Ismael Ripoll

Research output: Other contribution


A bug has been found in DCMTK versions prior to 3.6.1. It is caused by not checking the return value of the setuid() call. When this call fails (returns an error) to drop privileges, the process must not continue its normal execution.
Original language: English
Publication status: Published - 25 Mar 2014
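
The unchecked-`setuid()` pattern described in the abstract, next to a fail-closed version, as an added example (not DCMTK's code and not taken from the advisory). The function names `drop_unchecked`, `drop_checked` and `failing_setuid` are hypothetical, and the failing call is simulated by a constructed stub so the program runs without root.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Signature shared by the real setuid() and the stub below. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stub: stands in for a setuid() call that fails. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* BEFORE (illustrative): the return value is ignored, so a failed call
 * is reported as success and the caller keeps its original privileges. */
static int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);
    return 0;
}

/* AFTER: fail closed. Returns 0 only when the call succeeded and the
 * effective UID really is the target; the caller must stop on -1. */
static int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0) {
        perror("setuid");
        return -1;
    }
    if (geteuid() != target)        /* verify the drop took effect */
        return -1;
    return 0;
}

int main(void)
{
    uid_t target = getuid();        /* own UID, so no root is needed */
    printf("unchecked, failing call -> %d (execution continues)\n",
           drop_unchecked(failing_setuid, target));
    if (drop_checked(failing_setuid, target) != 0)
        puts("checked, failing call -> refusing to continue");
    /* Real call: exit with failure if privileges could not be dropped. */
    return drop_checked(setuid, target) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```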
