CVE-2024-52333

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Configurations

Configuration 1

cpe:2.3:a:offis:dcmtk:3.6.8:*:*:*:*:*:*:*

History

24 Jun 2025, 13:44

Type Values Removed Values Added
CPE cpe:2.3:a:offis:dcmtk:3.6.8:*:*:*:*:*:*:*
First Time Offis
Offis dcmtk
References () https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03 - () https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03 - Patch
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121 - Exploit, Third Party Advisory
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121 - () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121 - Exploit, Third Party Advisory
Summary
  • (es) An improper array index validation vulnerability exists in the determineMinMax function of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

13 Jan 2025, 16:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121 -

13 Jan 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-13 15:15

Updated : 2025-06-24 13:44


NVD link : CVE-2024-52333

Mitre link : CVE-2024-52333

CVE.ORG link : CVE-2024-52333


Products Affected

offis

  • dcmtk
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer