Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8396Improper Restriction of Operations within the Bounds of a Memory Buffer in Grassroots Dicom

CWE-1898 documents7 sources
Severity
10.0CRITICALNVD
EPSS
23.5%
top 4.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Malaterre Grassroots Dicom
Timeline
PublishedJan 12
Latest updateMay 14

Description

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-xc32-5f4v-7g6x: Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader2022-05-14
OSV
CVE-2015-8396: Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader2016-01-12
CVEList
CVE-2015-8396: Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader2016-01-12

💥Exploits & PoCs

1
Exploit-DB
Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow2016-01-12

📋Vendor Advisories

1
Debian
CVE-2015-8396: gdcm - Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStora...2015

💬Community

2
Bugzilla
CVE-2015-8396 gdcm: Buffer overflow in ImageRegionReader::ReadIntoBuffer [fedora-all]2016-01-11
Bugzilla
CVE-2015-8396 gdcm: Buffer overflow in ImageRegionReader::ReadIntoBuffer2016-01-11
CVE-2015-8396 — Grassroots Dicom vulnerability | cvebase