CVE-2026-12805 | OFFIS DCMTK up to 3.7.0 ofstd/libsrc/ofxml.cc XMLNode::parseFile heap-based overflow (Issue 1208)

SecurityVulns

A vulnerability, which was classified as critical, was found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow.

This vulnerability appears as CVE-2026-12805. The attack may be performed from remote. In addition, an exploit is available.

It is best practice to apply a patch to resolve this issue.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.VulDB Recent EntriesRead More