CVE-2024-24793

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Низкий

Описание

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the parse_meta_element_create() parsing the elements in the File Meta Information header.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1931

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nih:libdicom:1.0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00333

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-416

Связанные уязвимости

GHSA-6989-vr9p-xx57

CVSS3: 8.1

github

почти 2 года назад

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.

BDU:2024-01657

CVSS3: 8.1

fstec

около 2 лет назад

Уязвимость функции parse_meta_element_create() библиотеки обработки файлов DICOM libdicom, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 56%

0.00333

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-416