CVE-2024-42845
published 2024-08-23CVE-2024-42845: An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary…
PriorityP353high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EXPLOIT
EPSS
2.66%
83.8th percentile
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | invesalius | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect DICOM files where DICOM tag (0020,0032) — ImagePositionPatient — contains Python exec/eval injection strings such as 'exec(' or '__import__', which are not valid numeric coordinate values. ↗
- →Look for DICOM files with Manufacturer set to 'Malicious DICOM file creator' or InstitutionName set to 'Malicious DICOM file institution' as optional attacker-controlled signatures embedded by the exploit script. ↗
- →The exploit payload is base64-encoded Python code injected into the DICOM tag value and decoded at runtime via exec(__import__('base64').b64decode(...)). Scan DICOM imports for base64-encoded blobs within tag (0020,0032). ↗
- ·All Debian-tracked distributions (bookworm, bullseye, forky, sid, trixie) remain open/unpatched as of the advisory; no fixed package version is available from Debian. ↗
- ·The exploit script optionally embeds attacker-chosen Manufacturer and InstitutionName strings (controlled by --signature flag); defenders should not rely solely on these fields as they are optional and easily changed. ↗
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv8.0HIGH
vendor_debian8.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x34v-6wh4-m93r: An eval Injection vulnerability in the component invesalius/reader/dicom
ghsa_unreviewed·2024-08-23
CVE-2024-42845 [HIGH] CWE-94 GHSA-x34v-6wh4-m93r: An eval Injection vulnerability in the component invesalius/reader/dicom
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
OSV
CVE-2024-42845: An eval Injection vulnerability in the component invesalius/reader/dicom
osv·2024-08-23·CVSS 8.0
CVE-2024-42845 [HIGH] CVE-2024-42845: An eval Injection vulnerability in the component invesalius/reader/dicom
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
Debian
CVE-2024-42845: invesalius - An eval Injection vulnerability in the component invesalius/reader/dicom.py of I...
vendor_debian·2024·CVSS 8.0
CVE-2024-42845 [HIGH] CVE-2024-42845: invesalius - An eval Injection vulnerability in the component invesalius/reader/dicom.py of I...
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No writeups or analysis indexed.
2024-08-23
Published