CVE-2024-25569

2024-04-2515:16:04

CWE-125

talos

web.nvd.nist.gov

cve-2024-25569

out-of-bounds read

rawcodec::decodebytes

mathieu malaterre

grassroot dicom

vulnerability

dicom file

attacker

malicious file

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

6.2

Confidence

Low

EPSS

Percentile

15.5%

JSON

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Vulners

Vulnrichment

Node

grassroot_dicomgrassroot_dicomRange≤3.0.23

VendorProductVersionCPE
grassroot_dicomgrassroot_dicom*cpe:2.3:a:grassroot_dicom:grassroot_dicom:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
grassroot_dicom	grassroot_dicom	*	cpe:2.3:a:grassroot_dicom:grassroot_dicom::::::::

CNA Affected

[
  {
    "vendor": "Grassroot DICOM",
    "product": "Grassroot DICOM",
    "versions": [
      {
        "version": "3.0.23",
        "status": "affected"
      }
    ]
  }
]