CVE-2025-53644

13 views

Skip to first unread message

p.p...@synedra.com

unread,

Sep 12, 2025, 12:29:30 PM (2 days ago) Sep 12

to dcm4che

Hello Nicolas, Hello Gunter!

So, CVE-2025-53644 [1] is a thing, potentially leading to remote code execution through OpenCV. Of all the linked resources, the POC [2] seems the most insightful to me.

Since Dcm4che and Weasis depend on a forked version of OpenCV, I want to
a) make you aware, if you weren't already, and

b) ask you for an estimate on when we can expect a new version that includes the fix.

Also, can I reasonably expect an older version of Dcm4che to work with a newer version of the OpenCV binaries, or is such an approach doomed to fail anyway?

Cheers,

Patrick

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-53644
[2] https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

[3] https://github.com/nroduit/mvn-repo/tree/master/org/weasis/thirdparty/org/opencv

Reply all

Reply to author

Forward

0 new messages