CVE-2024-24794

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 20, 2024
CWE ID 416

Summary

CVE-2024-24794 is a use-after-free vulnerability affecting Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file causes the vulnerable application to free memory prematurely and then use that memory afterwards. The flaw is triggered during parsing of Sequence Value Representations in the `parse_meta_sequence_end()` function. An attacker could exploit it by supplying a malicious DICOM image, potentially leading to arbitrary code execution or a denial-of-service condition.
