CVE-2025-53618

Summary

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscale_convert is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data

Affected Software

VendorProductVersion RangeStatus
Grassroot DICOMGrassroot DICOM3.024affected

Weaknesses

  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References