CVE-2024-28130

2024-04-2314:46:43

CWE-704

talos

www.cve.org

vulnerability

functionality

offis dcmtk 3.6.8

arbitrary code execution

malicious file

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "OFFIS",
    "product": "DCMTK",
    "versions": [
      {
        "version": "3.6.8",
        "status": "affected"
      }
    ]
  }
]