CVE-2024-52333
Published: 2025-01-13
Priority: P3·39·high·7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.61% (44.7th percentile)
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dcmtk | < dcmtk 3.6.7-9~deb12u2 (bookworm) | dcmtk 3.6.7-9~deb12u2 (bookworm) |
| offis | dcmtk | — | — |
| offis | dcmtk | >= 0 < 3.6.5-1+deb11u1 | 3.6.5-1+deb11u1 |
| offis | dcmtk | >= 0 < 3.6.7-9~deb12u2 | 3.6.7-9~deb12u2 |
| offis | dcmtk | >= 0 < 3.6.8-7 | 3.6.8-7 |
| offis | dcmtk | >= 0 < 3.6.8-7 | 3.6.8-7 |
CVSS provenance
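| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 8.4 | HIGH | |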
GHSA
GHSA-89c7-pc4g-j258: An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3
ghsa_unreviewed·2025-01-13
CVE-2024-52333 [HIGH] CWE-119 GHSA-89c7-pc4g-j258: An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3
OSV
CVE-2024-52333: An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3
osv·2025-01-13·CVSS 7.8
CVE-2024-52333 [HIGH] CVE-2024-52333: An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3
Debian
CVE-2024-52333: dcmtk - An improper array index validation vulnerability exists in the determineMinMax f...
vendor_debian·2024·CVSS 8.4
CVE-2024-52333 [HIGH] CVE-2024-52333: dcmtk - An improper array index validation vulnerability exists in the determineMinMax f...
Scope: local
bookworm: resolved (fixed in 3.6.7-9~deb12u2)
bullseye: resolved (fixed in 3.6.5-1+deb11u1)
forky: resolved (fixed in 3.6.8-7)
sid: resolved (fixed in 3.6.8-7)
trixie: resolved (fixed in 3.6.8-7)
No detection rules found.
No public exploits indexed.
Talos
Whatsup Gold, Observium and Offis vulnerabilities
blogs_talos·2025-01-29·CVSS 7.5
[HIGH] Whatsup Gold, Observium and Offis vulnerabilities
Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.
These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications implementing DICOM (Digital Imaging and Communications in Medicine) standard formats; and WhatsUp Gold, an IT infrastructure management product.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are alw
Published: 2025-01-13