CVE-2024-52333 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Dcmtk

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Offis Dcmtk Debian Dcmtk

Timeline

PublishedJan 13

Latest updateJan 29

Description

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianoffis/dcmtk< 3.6.5-1+deb11u1+3

▶NVDoffis/dcmtk3.6.8

▶debiandebian/dcmtk< dcmtk 3.6.7-9~deb12u2 (bookworm)

Patches

Patch: git.dcmtk.org ↗

🔴Vulnerability Details

GHSA

GHSA-89c7-pc4g-j258: An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3↗2025-01-13

▶

OSV

CVE-2024-52333: An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3↗2025-01-13

▶

📋Vendor Advisories

Debian

CVE-2024-52333: dcmtk - An improper array index validation vulnerability exists in the determineMinMax f...↗2024

▶

🕵️Threat Intelligence

Talos

Whatsup Gold, Observium and Offis vulnerabilities↗2025-01-29

▶

Talos

Whatsup Gold, Observium and Offis vulnerabilities↗2025-01-29

▶