Lucene search

GoogleOSV:CVE-2024-42845

HistoryAug 23, 2024 - 7:15 p.m.

CVE-2024-42845

2024-08-2319:15:06

Google

osv.dev

eval injection

invesalius

dicom file

arbitrary code

software

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

JSON

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.

References

github.com/invesalius/invesalius3

github.com/invesalius/invesalius3/releases

github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845

security-tracker.debian.org/tracker/CVE-2024-42845

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

JSON

Related for OSV:CVE-2024-42845