Grassroot DICOM Out-of-Bounds Read Vulnerability in Overlay Processing

Vulnerability

An out-of-bounds read vulnerability has been identified in Grassroot DICOM version 3.024. The issue arises in the Overlay::GrabOverlayFromPixelData function, where the absence of proper size validation allows specially crafted DICOM files to be processed incorrectly. By manipulating the way pixel data is read, such a file causes the application to access memory outside of the intended bounds, which can lead to an information leak.

Impact

Exploitation of this vulnerability causes a segmentation fault, indicating a crash due to invalid memory access. However, the out-of-bounds read could be leveraged to access sensitive information from memory, particularly from glibc, which could be used for further exploitation.

Reproduction

The vulnerability can be reproduced by using a DICOM file that has been crafted to manipulate the length of the pixel data overlay, specifically targeting the Overlay::GrabOverlayFromPixelData function. When this file is processed, the application will attempt to read the manipulated data, leading to an out-of-bounds access and a crash.
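The kind of size validation described as missing under Vulnerability, shown as an added example that is not GDCM's code or its fix. The function name extractOverlay, the 16-bit little-endian cell layout and the sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper, not GDCM code. Unpacks a 1-bit overlay plane stored in
// bit `bitPosition` of each 16-bit little-endian pixel cell (assumed layout).
// Returns false, leaving `packed` empty, when the declared size does not fit.
bool extractOverlay(const std::vector<uint8_t>& pixelData,
                    uint16_t rows, uint16_t cols, unsigned bitPosition,
                    std::vector<uint8_t>& packed)
{
    packed.clear();
    if (bitPosition > 15) return false;
    // Widen before multiplying so rows * cols cannot wrap around.
    const uint64_t cells = static_cast<uint64_t>(rows) * cols;
    const uint64_t needed = cells * 2;  // two bytes per 16-bit cell
    // Size validation: declared dimensions versus bytes actually present.
    if (cells == 0 || needed > pixelData.size()) return false;

    packed.assign(static_cast<size_t>((cells + 7) / 8), 0);  // 1 bit per pixel
    const unsigned mask = 1u << bitPosition;
    for (size_t i = 0; i < cells; ++i) {
        const unsigned cell = pixelData[2 * i] | (pixelData[2 * i + 1] << 8);
        if (cell & mask) packed[i / 8] |= static_cast<uint8_t>(1u << (i % 8));
    }
    return true;
}

int main()
{
    // Constructed sample: four cells, overlay bit 12 set in the 1st and 3rd.
    const std::vector<uint8_t> px = {0x00, 0x10, 0x00, 0x00, 0xFF, 0x1F, 0xFF, 0x0F};
    std::vector<uint8_t> out;
    std::printf("2x2 accepted: %d\n", extractOverlay(px, 2, 2, 12, out));
    // Declared 4x4 needs 32 bytes but only 8 are present: rejected, no read.
    std::printf("4x4 accepted: %d\n", extractOverlay(px, 4, 4, 12, out));
    return 0;
}
```

The length comparison runs before the loop, so a file whose declared overlay dimensions exceed the pixel data it carries is rejected without any read past the buffer.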

Added: Dec 16, 2025, 10:19 PM
Updated: Dec 16, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.