CVE-2024-52333

High CVSS: 8.4

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

Vendor

Offis

Product

Dcmtk

CWE

CWE-119

Yayın Tarihi

2025-01-13 15:15:09

Güncelleme

2025-11-03 21:17:21

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-119 Dcmtk HIGH Offis 2025

Referanslar

https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03 https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121 https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121

Benzer Kayıtlar

Medium

CVE-2022-4981

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeer…

Medium

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the…

Medium

CVE-2025-9732

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dc…

Medium

CVE-2025-2357

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of t…

Medium

CVE-2025-25472

A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM…

Medium

CVE-2025-25474

DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.