CVE-2024-52333

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03	Patch
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:offis:dcmtk:3.6.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-13 15:15

Updated : 2025-11-03 21:17

NVD link : CVE-2024-52333

Mitre link : CVE-2024-52333

CVE.ORG link : CVE-2024-52333

JSON object : View

Products Affected

offis

dcmtk

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2024-52333", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-13T15:15:09.130", "references": [{"url": "https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03", "tags": ["Patch"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2121", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n incorrecta del \u00edndice de matriz en la funci\u00f3n determineMinMax de OFFIS DCMTK 3.6.8. Un archivo DICOM manipulado especialmente puede provocar una escritura fuera de los l\u00edmites. Un atacante puede proporcionar un archivo malicioso para activar esta vulnerabilidad."}], "lastModified": "2025-11-03T21:17:21.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:offis:dcmtk:3.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4A80B78-3210-466A-B051-3516CBDD6B84"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}