Grassroots DICOM Library Denial-of-Service Vulnerability Due to Memory Leak

Vulnerability

A memory leak vulnerability has been identified in the Grassroots DICOM library (GDCM) version 3.2.2. The issue arises when the library parses malformed DICOM files whose file meta information contains non-standard VR (Value Representation) types. The resulting excessive memory allocation exhausts resources and leads to a denial-of-service condition: a maliciously crafted DICOM file can fill the heap in a single read operation, and the allocated memory is never released.
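As an added example (not code from the GDCM project or from this advisory), a pre-parse check that lets an ingest service or gateway reject the class of input described above before a file reaches the library: it walks the group 0002 (File Meta Information) elements of a DICOM Part 10 file in Explicit VR Little Endian, refuses any VR not defined in DICOM PS3.5, and never reads or allocates based on a declared length that runs past the buffer. The sample files produced by build_sample are constructed for illustration only.

```python
import struct
# Value Representations defined in DICOM PS3.5; anything else is non-standard.
STANDARD_VRS = {
    "AE", "AS", "AT", "CS", "DA", "DS", "DT", "FL", "FD", "IS", "LO", "LT",
    "OB", "OD", "OF", "OL", "OV", "OW", "PN", "SH", "SL", "SQ", "SS", "ST",
    "SV", "TM", "UC", "UI", "UL", "UN", "UR", "US", "UT", "UV",
}
# VRs whose explicit-VR header has 2 reserved bytes and a 4-byte length field.
LONG_HEADER_VRS = {"OB", "OD", "OF", "OL", "OV", "OW", "SQ", "SV", "UC", "UN", "UR", "UT", "UV"}
PREAMBLE_LEN, MAGIC, META_GROUP = 128, b"DICM", 0x0002
class DicomMetaError(ValueError):
    """Malformed File Meta Information or a non-standard VR."""

def check_file_meta(data: bytes) -> dict:
    """Walk the group 0002 elements of a Part 10 file and return {(group, elem): vr}.
    Unknown VRs and lengths past the buffer are rejected before any value is read."""
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        raise DicomMetaError("missing DICM magic after 128-byte preamble")
    pos, seen = PREAMBLE_LEN + 4, {}
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != META_GROUP:
            break  # end of File Meta Information; the dataset follows
        vr = data[pos + 4:pos + 6].decode("ascii", errors="replace")
        if vr not in STANDARD_VRS:
            raise DicomMetaError(f"non-standard VR {vr!r} at ({group:04X},{elem:04X})")
        long_hdr = vr in LONG_HEADER_VRS
        if pos + (12 if long_hdr else 8) > len(data):
            raise DicomMetaError("truncated element header")
        length = struct.unpack_from("<I", data, pos + 8)[0] if long_hdr else struct.unpack_from("<H", data, pos + 6)[0]
        pos += 12 if long_hdr else 8
        if pos + length > len(data):
            raise DicomMetaError(f"length {length} at ({group:04X},{elem:04X}) exceeds file")
        seen[(group, elem)] = vr
        pos += length
    if (META_GROUP, 0x0010) not in seen:
        raise DicomMetaError("Transfer Syntax UID (0002,0010) missing")
    return seen

def _element(group: int, elem: int, vr: str, value: bytes) -> bytes:
    # Encode one Explicit VR Little Endian element (constructed sample data).
    hdr = struct.pack("<HH", group, elem) + vr.encode("ascii")
    if vr in LONG_HEADER_VRS:
        return hdr + b"\0\0" + struct.pack("<I", len(value)) + value
    return hdr + struct.pack("<H", len(value)) + value

def build_sample(version_vr: str = "OB") -> bytes:
    """Constructed minimal Part 10 file; a non-standard version_vr models malformed input."""
    body = _element(0x0002, 0x0001, version_vr, b"\x00\x01")  # File Meta Information Version
    body += _element(0x0002, 0x0010, "UI", b"1.2.840.10008.1.2.1\0")  # Explicit VR Little Endian
    return b"\0" * PREAMBLE_LEN + MAGIC + body
```

A file that fails check_file_meta should be quarantined and logged rather than passed to the DICOM parser; a well-formed file still needs the library's own validation of the dataset that follows the meta group.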

Impact

Exploitation of this vulnerability causes a denial-of-service condition by depleting system resources and memory, leading to potential application or system crashes.

Remediation

The maintainer of Grassroots DICOM (GDCM) has not responded to requests to work with CISA to mitigate this vulnerability. For update information, refer to the Grassroots DICOM project page on SourceForge.

Added: Mar 26, 2026, 10:24 PM
Updated: Mar 26, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 3.3
exploitability: 4.7
remediation: 7.9
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.