GHSA-f3pc-ww42-cwqpHighCVSS 9.1

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM...

Published
June 25, 2026
Last Modified
June 25, 2026

🔗 CVE IDs covered (1)

📋 Description

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.

🔗 References (5)