CVE-2024-23914
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows.
When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Merative | Merge DICOM Toolkit C/C++ | v5.6.0 <= v5.17.0 | affected |
Weaknesses
- CWE-134: CWE-134 Use of Externally-Controlled Format String
Workarounds
The vulnerability can be exploited by unauthenticated attackers with a privileged position in the network. As a temporary solution, until a patch is released, it is highly recommended do not expose the vulnerable component inside an untrusted network.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.