Grassroots DICOM Library Out-of-Bounds Write Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability allowing out-of-bounds write operations has been identified in the Grassroots DICOM library (GDCM), specifically in versions through 3.0.24. This issue arises when the library parses malformed DICOM files that contain encapsulated PixelData fragments. The vulnerability is caused by an unsigned integer underflow in buffer indexing, leading to out-of-bounds memory access and a segmentation fault. Exploitation of this vulnerability is achieved simply by opening a crafted DICOM file, which triggers a crash and creates a denial-of-service condition.
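As an added illustration, not GDCM's code and not the actual faulty routine, the bug class the advisory describes: a minimal walk over encapsulated PixelData items in which a fragment's declared length is compared against the bytes remaining before any unsigned subtraction, shown beside the unchecked subtraction that silently wraps. The item layout and the sample bytes are constructed here for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Illustrative model of DICOM encapsulated PixelData (not GDCM's code): a run of
// Item elements, tag (FFFE,E000) + 4-byte little-endian length + that many bytes,
// the first being the Basic Offset Table, ended by a Sequence Delimitation Item
// (FFFE,E0DD). Every multi-byte field is little-endian, as in explicit VR LE.

struct Fragment { size_t offset; uint32_t length; };

static uint32_t rd32le(const uint8_t* p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

// The unsafe pattern the advisory describes: subtracting a declared item length
// from the bytes actually left, without checking first. For len > remaining the
// unsigned result wraps to a huge value instead of going negative, so any later
// index derived from it lands far outside the buffer.
size_t unchecked_bytes_left(size_t remaining, uint32_t len) { return remaining - len; }

// Hardened walk over the fragments. Returns the number of pixel fragments
// (excluding the offset table) or -1 for a malformed stream.
int parse_encapsulated(const std::vector<uint8_t>& buf, std::vector<Fragment>& out) {
    size_t pos = 0, size = buf.size();
    bool offset_table = true;
    while (true) {
        if (size - pos < 8) return -1;                       // tag + length must fit
        uint16_t group = (uint16_t)(buf[pos] | (buf[pos + 1] << 8));
        uint16_t elem  = (uint16_t)(buf[pos + 2] | (buf[pos + 3] << 8));
        uint32_t len   = rd32le(&buf[pos + 4]);
        pos += 8;
        if (group != 0xFFFE) return -1;
        if (elem == 0xE0DD) return (int)out.size();          // sequence delimiter
        if (elem != 0xE000 || len == 0xFFFFFFFFu) return -1; // items need a defined length
        if (len > size - pos) return -1;                     // compare BEFORE subtracting
        if (!offset_table) out.push_back({pos, len});
        offset_table = false;
        pos += len;
    }
}

// Constructed sample: empty offset table, one 4-byte fragment, delimiter.
// With `oversized` the fragment claims 0x10 bytes that are not present.
std::vector<uint8_t> sample_stream(bool oversized) {
    std::vector<uint8_t> v = {0xFE,0xFF,0x00,0xE0, 0,0,0,0,            // BOT, length 0
                              0xFE,0xFF,0x00,0xE0, 4,0,0,0, 1,2,3,4,   // fragment
                              0xFE,0xFF,0xDD,0xE0, 0,0,0,0};           // delimiter
    if (oversized) v[12] = 0x10;
    return v;
}
```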

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application and a denial-of-service condition.

Remediation

Users are advised to update Grassroots DICOM (GDCM) to version 3.2.2 or later. SimpleITK and medInria have also released fixes for this vulnerability.

Added: Dec 12, 2025, 9:32 PM
Updated: Dec 12, 2025, 9:32 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.