Malaterre Grassroots Dicom vulnerabilities

CVE-2025-53618 [CRITICAL] CWE-119 CVE-2025-53618: An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grass An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specif

CVE-2025-53619 [CRITICAL] CWE-119 CVE-2025-53619: An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grass An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying

CVE-2025-48429 [CRITICAL] CWE-119 CVE-2025-48429: An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassro An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2025-52582 [HIGH] CWE-119 CVE-2025-52582: An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-22391 [CRITICAL] CWE-119 CVE-2024-22391: A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathie A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-22373 [CRITICAL] CWE-119 CVE-2024-22373: An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionalit An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-25569 [MEDIUM] CWE-125 CVE-2024-25569: An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Mal An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2015-8396 [CRITICAL] CWE-189 CVE-2015-8396: Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcm Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.

CVE-2015-8397 [HIGH] CWE-125 CVE-2015-8397: The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroot The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensi