CVE-2024-27629 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
rordenlab	dcm2niix	𝑥 < 1.0.20240202	ADP

Debian Releases

Debian Product

Codename

dcm2niix

bookworm	1.0.20220720-1+deb12u1 fixed
bullseye	ignored
forky	1.0.20250506-1 fixed
sid	1.0.20250506-1 fixed
trixie	1.0.20241211-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

dcm2niix

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
mantic	ignored
noble	needs-triage
oracular	ignored
plucky	needs-triage
questing	needs-triage

Common Weakness Enumeration

CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

https://github.com/rordenlab/dcm2niix/pull/789

https://github.com/rordenlab/dcm2niix/pull/789