CVE-2009-3994

Name of the Vulnerable Software and Affected Versions DevIL version 1.7.8

Description The issue is a stack-based buffer overflow in the GetUID function, located in the src-IL/src/il dicom.c file. This allows remote attackers to cause a denial of service, resulting in an application crash, or potentially execute arbitrary code. The attack vector is a crafted DICOM file.

Recommendations For DevIL version 1.7.8, consider avoiding the use of the GetUID function until a patch is available, or refrain from processing crafted DICOM files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.