Lucene search

K
cvelistTalosCVELIST:CVE-2024-28130
HistoryApr 23, 2024 - 2:46 p.m.

CVE-2024-28130

2024-04-2314:46:43
CWE-704
talos
www.cve.org
1
vulnerability
functionality
offis dcmtk 3.6.8
arbitrary code execution
malicious file

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "OFFIS",
    "product": "DCMTK",
    "versions": [
      {
        "version": "3.6.8",
        "status": "affected"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%