CVE-2024-23914

Summary

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows.

When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.

Affected Software

VendorProductVersion RangeStatus
MerativeMerge DICOM Toolkit C/C++v5.6.0 <= v5.17.0affected

Weaknesses

  • CWE-134: CWE-134 Use of Externally-Controlled Format String

Workarounds

The vulnerability can be exploited by unauthenticated attackers with a privileged position in the network. As a temporary solution, until a patch is released, it is highly recommended do not expose the vulnerable component inside an untrusted network.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References