CVE-2021-41688
High
Published: 28 June 2022
Modified: 03 November 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0014 (33.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-41688 is a high-severity Double Free (CWE-415) vulnerability in OFFIS DCMTK. Its CVSS base score is 7.5 (High).
Operationally, it is ranked at the 33.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-28700
Vulnerability details
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
offis dcmtk ≤ 3.6.6
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.