cbcvebase.
CVE-2024-42845
published 2024-08-23


Priority: P3 · 53 · high · CVSS 3.1 base score 8
Vector: AV:N / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
Exploit: flagged by the tracker
EPSS: 2.66% (83.8th percentile)
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.

Affected (1 range)

Vendor    Product      Version range    Fixed in
debian    invesalius   (not listed)     (none listed)

Detection & IOCs (extracted from sources)

path: invesalius/reader/dicom.py
command: exec(__import__('base64').b64decode({base64.b64encode(data)})
other: DICOM tag 0x00200032 (ImagePositionPatient/CS) containing eval-injectable payload
  • Detect DICOM files where DICOM tag (0020,0032) — ImagePositionPatient — contains Python exec/eval injection strings such as 'exec(' or '__import__', which are not valid numeric coordinate values.
  • Look for DICOM files with Manufacturer set to 'Malicious DICOM file creator' or InstitutionName set to 'Malicious DICOM file institution' as optional attacker-controlled signatures embedded by the exploit script.
  • The exploit payload is base64-encoded Python code injected into the DICOM tag value and decoded at runtime via exec(__import__('base64').b64decode(...)). Scan DICOM imports for base64-encoded blobs within tag (0020,0032).
  • All Debian-tracked distributions (bookworm, bullseye, forky, sid, trixie) remain open/unpatched as of the advisory; no fixed package version is available from Debian.
  • The exploit script optionally embeds attacker-chosen Manufacturer and InstitutionName strings (controlled by --signature flag); defenders should not rely solely on these fields as they are optional and easily changed.
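The detection hints above can be turned into a file check. The following is an added example written for this page; it is not code from InVesalius, from the exploit, or from the tracker. It assumes an explicit-VR little-endian DICOM stream (a 128-byte preamble followed by "DICM", then top-level elements; undefined-length sequences are not handled), and it uses a minimal element walker rather than a full DICOM library. It flags any (0020,0032) ImagePositionPatient value that is not a backslash-separated list of decimal numbers or that contains the exec/eval/__import__/b64decode markers named in the advisory, and it reports the optional Manufacturer/InstitutionName signature strings as low-confidence hits. The sample files are constructed inline for the demonstration.

```python
import re
import struct

# The tag the advisory identifies as the injection vector: ImagePositionPatient.
IMAGE_POSITION_PATIENT = (0x0020, 0x0032)
# Optional signature strings from the advisory; low confidence, attacker-controlled.
SIGNATURE_STRINGS = {
    (0x0008, 0x0070): "Malicious DICOM file creator",     # Manufacturer
    (0x0008, 0x0080): "Malicious DICOM file institution", # InstitutionName
}
# VRs whose explicit-VR encoding uses 2 reserved bytes plus a 4-byte length.
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}
# Substrings that never belong in a Decimal String (DS) coordinate value.
SUSPICIOUS_MARKERS = ("exec(", "eval(", "__import__", "b64decode")
# One DS component: an optional sign, digits, optional fraction and exponent.
DS_NUMBER = re.compile(r"^[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?$")


def iter_elements(data: bytes):
    """Yield (group, element, vr, value) from an explicit-VR little-endian
    DICOM byte stream. Minimal walker for this example: top level only,
    sequences treated as opaque blobs, undefined lengths rejected."""
    pos = 132 if data[128:132] == b"DICM" else 0
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        vr = data[pos + 4:pos + 6]
        if vr in LONG_LENGTH_VRS:
            (length,) = struct.unpack_from("<I", data, pos + 8)
            header = 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            header = 8
        if length == 0xFFFFFFFF:
            raise ValueError("undefined-length element not supported here")
        value = data[pos + header:pos + header + length]
        yield group, elem, vr, value
        pos += header + length


def element(group: int, elem: int, vr: bytes, value: bytes) -> bytes:
    """Encode one explicit-VR little-endian element (used to build samples)."""
    if len(value) % 2:  # DICOM values are padded to even length
        value += b" " if vr in (b"DS", b"LO", b"CS") else b"\x00"
    head = struct.pack("<HH", group, elem) + vr
    if vr in LONG_LENGTH_VRS:
        return head + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return head + struct.pack("<H", len(value)) + value


def build_dicom(position_value: bytes, manufacturer: bytes = b"ACME") -> bytes:
    """Constructed sample file: preamble, magic and three elements in tag order."""
    return (b"\x00" * 128 + b"DICM"
            + element(0x0008, 0x0070, b"LO", manufacturer)
            + element(0x0020, 0x0032, b"DS", position_value)
            + element(0x7FE0, 0x0010, b"OB", b"\x00" * 4))


def scan_for_injection(data: bytes) -> list:
    """Return findings for (0020,0032) values that are not numeric coordinates
    or that carry injection markers, plus low-confidence signature matches."""
    findings = []
    for group, elem, vr, value in iter_elements(data):
        text = value.decode("latin-1").strip(" \x00")
        if (group, elem) == IMAGE_POSITION_PATIENT:
            parts = [p.strip() for p in text.split("\\")]
            non_numeric = [p for p in parts if not DS_NUMBER.match(p)]
            markers = [m for m in SUSPICIOUS_MARKERS if m in text]
            if markers or non_numeric:
                findings.append({"tag": "(0020,0032)", "vr": vr.decode(),
                                 "confidence": "high", "value": text,
                                 "markers": markers, "non_numeric": non_numeric})
        elif (group, elem) in SIGNATURE_STRINGS and text == SIGNATURE_STRINGS[(group, elem)]:
            findings.append({"tag": "(%04X,%04X)" % (group, elem), "vr": vr.decode(),
                             "confidence": "low", "value": text})
    return findings


if __name__ == "__main__":
    benign = build_dicom(b"-125.0\\-130.5\\42.25")
    suspicious = build_dicom(b"0\\0\\exec(__import__('base64'))",
                             manufacturer=b"Malicious DICOM file creator")
    print("benign:", scan_for_injection(benign))
    print("suspicious:", scan_for_injection(suspicious))
```

The high-confidence check does not depend on the base64 wrapper or on the signature strings: a legitimate ImagePositionPatient is three decimal numbers, so anything else in that tag is worth quarantining before a viewer parses it. The signature match is reported separately because, as the advisory notes, those strings are optional and trivially changed.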

CVSS provenance

nvd (v3.1): 8.0 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv: 8.0 HIGH
vendor_debian: 8.0 HIGH