An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used.
[
{
"cpes": [
"cpe:2.3:a:rordenlab:dcm2niix:*:*:*:*:*:*:*:*"
],
"vendor": "rordenlab",
"product": "dcm2niix",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.0.20240202",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]