CVE-2024-22391

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22391
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22391.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-22391
Downstream
Published
2024-04-25T15:16:04Z
Modified
2025-08-26T19:17:45.039781Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

References

Affected packages

Debian:11 / gdcm

Package

Name
gdcm
Purl
pkg:deb/debian/gdcm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.8-2
3.0.8-3
3.0.8-4
3.0.10-1~bpo11+1
3.0.10-1
3.0.11-1
3.0.12-1
3.0.13-1
3.0.13-2~bpo11+1
3.0.13-2
3.0.13-3
3.0.14-1
3.0.16-1
3.0.17-1~bpo11+1
3.0.17-1
3.0.17-2
3.0.17-3
3.0.17-4~bpo11+1
3.0.17-4
3.0.17-5
3.0.20-1
3.0.20-2
3.0.20-3
3.0.20-3+hurd.1
3.0.21-1
3.0.21-2
3.0.22-1
3.0.22-2
3.0.22-2.1~exp1
3.0.22-2.1
3.0.22-3
3.0.24-1
3.0.24-1+hurd.1
3.0.24-2
3.0.24-3
3.0.24-3+hurd.1
3.0.24-4
3.0.24-5
3.0.24-5+hurd.1
3.0.24-5+hurd.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gdcm

Package

Name
gdcm
Purl
pkg:deb/debian/gdcm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.21-1
3.0.21-2
3.0.22-1
3.0.22-2
3.0.22-2.1~exp1
3.0.22-2.1
3.0.22-3
3.0.24-1
3.0.24-1+hurd.1
3.0.24-2
3.0.24-3
3.0.24-3+hurd.1
3.0.24-4
3.0.24-5
3.0.24-5+hurd.1
3.0.24-5+hurd.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gdcm

Package

Name
gdcm
Purl
pkg:deb/debian/gdcm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / gdcm

Package

Name
gdcm
Purl
pkg:deb/debian/gdcm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/malaterre/gdcm

Affected ranges

Type
GIT
Repo
https://github.com/malaterre/gdcm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9

v3.*

v3.0.0
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.19
v3.0.2
v3.0.20
v3.0.21
v3.0.22
v3.0.23
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9