MicroDicom Viewer Under Attack: Heap-Based Buffer Overflow Vulnerability Discovered
CVE-2024-22100

7.8HIGH

Key Information:

Vendor: Microdicom
Status: Dicom Viewer
Vendor: CVE Published:; 1 March 2024

What is CVE-2024-22100?

A heap-based buffer overflow vulnerability exists in MicroDicom DICOM Viewer, affecting versions 2023.3 (Build 9342) and prior. This vulnerability can be exploited when a user opens a specially crafted malicious DCM file, potentially allowing an attacker to execute arbitrary code on the affected system. Proper caution and security measures are recommended when handling DICOM files to mitigate the risk of exploitation.

Affected Version(s)

DICOM Viewer 0

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Michael Heinzl reported these vulnerabilities to CISA.

Microdicom

What is CVE-2024-22100?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit