CVE-2024-25569

EUVD-2024-22897
An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
malaterregrassroots_dicom
3.0.23
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
grassroots_dicom_projectgrassroots_dicom
3.0.23
ADP
Debian logo
Debian Releases
Debian Product
Codename
gdcm
bookworm
no-dsa
bullseye
no-dsa
buster
postponed
forky
3.0.24-9
fixed
sid
3.0.24-9
fixed
trixie
3.0.24-5
fixed
Common Weakness Enumeration
References
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1944