Bug #1168
Missing check that HighBit < BitsAllocated
Status: closed
Start date: 2025-11-06
% Done: 100%
Description
In class DicomImage, a check was missing during image preprocessing to make sure that the value of HighBit is always less than the value of BitsAllocated. This can lead to memory corruption if an invalid combination of values is retrieved from a malformed DICOM dataset.
Thanks to Emmanuel Tacheau from the Cisco Talos team <vulndiscovery@external.cisco.com> for the report, sample file (PoC) and detailed analysis.
Fixed in commit #03e851b05.
This issue has been registered as TALOS-2024-2121 and CVE-2024-52333 (https://www.cve.org/CVERecord?id=2024-52333).
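A sketch of the kind of consistency check described above, as an added example (it is not the project's code and not the content of the referenced commit). The names `PixelLayout`, `validateLayout` and `storedBitsMask` are hypothetical, and the 64-bit upper bound and the extra BitsStored checks are assumptions that go beyond the single HighBit < BitsAllocated condition named in this report:

```cpp
#include <cstdint>

// Values of BitsAllocated (0028,0100), BitsStored (0028,0101) and
// HighBit (0028,0102) as read from an untrusted dataset.
struct PixelLayout {
    uint16_t bitsAllocated;
    uint16_t bitsStored;
    uint16_t highBit;
};

enum class LayoutError { None, BadAllocated, BadStored, HighBitTooLarge, HighBitTooSmall };

// Hypothetical validator: reject inconsistent combinations before any
// shift count, mask or buffer size is derived from them.
LayoutError validateLayout(const PixelLayout &p)
{
    const unsigned alloc = p.bitsAllocated, stored = p.bitsStored, high = p.highBit;
    if (alloc == 0 || alloc > 64)          // upper bound is an assumption of this sketch
        return LayoutError::BadAllocated;
    if (stored == 0 || stored > alloc)
        return LayoutError::BadStored;
    if (high >= alloc)                     // the check this bug report is about
        return LayoutError::HighBitTooLarge;
    if (high + 1 < stored)                 // stored bits would extend below bit 0
        return LayoutError::HighBitTooSmall;
    return LayoutError::None;
}

// Computes the mask covering the stored bits of one pixel cell. It is only
// derived for a validated layout, so every shift count stays below 64.
bool storedBitsMask(const PixelLayout &p, uint64_t &mask)
{
    if (validateLayout(p) != LayoutError::None)
        return false;
    const unsigned lowBit = p.highBit + 1u - p.bitsStored;
    const uint64_t ones = (p.bitsStored == 64) ? ~uint64_t{0}
                                               : (uint64_t{1} << p.bitsStored) - 1;
    mask = ones << lowBit;
    return true;
}
```

Running the validator once, directly after the three attributes are read, means later stages never see a layout whose HighBit lies outside the allocated cell.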