CVE-2024-25569
Published 2024-04-25
Priority P4 33 · medium · 6.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:L
EPSS: 1.08% (61.0th percentile)
An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdcm | < gdcm 3.0.24-1 (forky) | gdcm 3.0.24-1 (forky) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| grassroot_dicom | grassroot_dicom | — | — |
| malaterre | grassroots_dicom | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (CVSS v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
| osv | 6.5 | MEDIUM | |
| vendor_debian | 6.5 | MEDIUM | |
GHSA
GHSA-jc42-r5p9-j2vr · ghsa_unreviewed · 2024-04-25 · MEDIUM · CWE-125 (description identical to the CVE text above)
OSV
CVE-2024-25569 · osv · 2024-04-25 · CVSS 6.5 · MEDIUM (description identical to the CVE text above)
Debian
CVE-2024-25569 (gdcm) · vendor_debian · 2024 · CVSS 6.5 · MEDIUM (description identical to the CVE text above)
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.0.24-1)
sid: resolved (fixed in 3.0.24-1)
trixie: resolved (fixed in 3.0.24-1)
No detection rules found.
No public exploits indexed.
Talos
Vulnerabilities in employee management system could lead to remote code execution, login credential theft · blogs_talos · 2024-05-01 · CVSS 5.3 · MEDIUM
Cisco Talos’ Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files.
The Peplink Smart Reader contains several vulnerabilities, including one issue that could allow an adversary to obtain the administrator’s login credentials and the MD5-hashed version of their password.
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.o
References
https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/
https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1944