CVE-2024-52333

Published: Jan 13, 2025Modified: Nov 3, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

Affected (1)

Products: Offis: Dcmtk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Offis Dcmtk	Version 3.6.8

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03

Source: talos-cna@cisco.com

Patch

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.