Grassroot DICOM Out-of-Bounds Read Vulnerability in JPEG Compression Handling

Vulnerability

An out-of-bounds read vulnerability has been identified in Grassroot DICOM version 3.024. The issue arises within the JPEGBITSCodec::InternalCode function, where the absence of proper size checks on memory buffers can lead to information leaks. It can be triggered by a specially crafted DICOM file that exploits this flaw while the library processes the file's image pixel data.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the application.

Reproduction

The vulnerability can be reproduced by using Grassroot DICOM 3.024 to process a DICOM file crafted to trigger the out-of-bounds read. When the file is processed, the JPEGBITSCodec::InternalCode function is called and the flaw manifests as a segmentation fault that crashes the application.

Added: Dec 16, 2025, 10:19 PM
Updated: Dec 16, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          2.4
  impact          2.5
  exploitability  5.0
  remediation     0.0
  relevance       1.4
  threat          1.6
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.