CVE 2013-6825

(1) and (2) in dcmnet/apps/, (3) dcmnet/libsrc/, (4) dcmwlm/libsrc/, (5) and (6) in dcmpstat/apps/, (7) dcmpstat/tests/, and (8) dcmqrdb/apps/ in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.

See the CVE page on for more details.