CVE-2024-28130

Published: Apr 23, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: CNA (Secondary)

Description

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected (2)

Products: Offis: Dcmtk · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Offis Dcmtk	Version 3.6.8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

References (6)

https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html

Source: talos-cna@cisco.com

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1957

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.