CVE-2025-48429Improper Restriction of Operations within the Bounds of a Memory Buffer in Dicom

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read8 documents7 sources
Severity
9.1CRITICALNVD
CNA7.4
EPSS
0.1%
top 77.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Grassroot DicomMalaterre Grassroots Dicom
Timeline
PublishedDec 16
Latest updateDec 17

Description

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-7rw8-4p59-vgjq: An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 32025-12-17
CVEList
CVE-2025-48429: An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 32025-12-16
OSV
CVE-2025-48429: An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 32025-12-16

📋Vendor Advisories

1
Debian
CVE-2025-48429: gdcm - An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams func...2025

🕵️Threat Intelligence

3
Talos
Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities2025-12-17
Talos
Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities2025-12-17
Wiz
CVE-2025-48429 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-48429 — Grassroot Dicom vulnerability | cvebase