PT-2019-12480 · Nema · Nema Dicom Standard

Published: 2019-05-02 · Updated: 2019-11-20 · CVE-2019-11687

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: NEMA DICOM Standard versions 1995 through 2019b

Description: An issue was discovered in the DICOM Part 10 File Format that allows the preamble of a DICOM file to contain the header for an executable file, such as Portable Executable (PE) malware. This can be exploited by executing a maliciously crafted file encoded in the DICOM Part 10 File Format. The vulnerability is particularly concerning in healthcare facilities, where anti-malware configurations often ignore medical imagery, and processing suspicious DICOM files could violate regulatory frameworks.

Recommendations: For NEMA DICOM Standard versions 1995 through 2019b, consider implementing additional security measures to detect and prevent the execution of maliciously crafted DICOM files, such as enhancing anti-malware configurations to inspect medical imagery. As a temporary workaround, restrict the execution of files with the .dcm file extension that contain executable code.
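The check that the recommendations above call for can be expressed directly in code. The following script is an added example for this advisory, not code from NEMA or from the DICOM standard: it reads the fixed-layout header of a Part 10 file (a 128-byte preamble followed by the 4-byte "DICM" marker, as PS3.10 defines it), reports whether the preamble is the all-zero form the standard prescribes for an unused preamble, and flags a preamble that begins with an executable signature (PE/DOS "MZ" from the advisory; the ELF magic is included as a generalization). It also shows the mitigating transformation of zeroing the preamble, which removes the executable header while leaving the DICOM data set untouched. The sample byte strings are constructed inline; no real files are used.

```python
"""Inspect the preamble of DICOM Part 10 files for embedded executable headers.

Added example for advisory PT-2019-12480 / CVE-2019-11687; not part of the
DICOM standard or any NEMA tooling. Layout constants follow DICOM PS3.10:
a 128-byte File Preamble, then the 4-byte "DICM" prefix, then File Meta Information.
"""
import sys
from typing import Dict, Optional

PREAMBLE_LEN = 128
DICOM_MAGIC = b"DICM"
HEADER_LEN = PREAMBLE_LEN + len(DICOM_MAGIC)

# Executable magic values worth flagging at offset 0 of the preamble.
# "MZ" is the PE/DOS stub header named in the advisory; ELF is an added generalization.
EXEC_SIGNATURES = {
    b"MZ": "PE/DOS",
    b"\x7fELF": "ELF",
}


def inspect_dicom_header(data: bytes) -> Dict[str, Optional[object]]:
    """Classify the first 132 bytes of a file.

    Returns a dict with:
      is_dicom            -- True if "DICM" is present at offset 128
      preamble_blank      -- True if all 128 preamble bytes are 0x00 (None if not DICOM)
      embedded_executable -- signature name if the preamble starts with one (None otherwise)
    """
    result: Dict[str, Optional[object]] = {
        "is_dicom": False,
        "preamble_blank": None,
        "embedded_executable": None,
    }
    if len(data) < HEADER_LEN or data[PREAMBLE_LEN:HEADER_LEN] != DICOM_MAGIC:
        return result

    result["is_dicom"] = True
    preamble = data[:PREAMBLE_LEN]
    # PS3.10: an unused preamble "shall be set to 00H" in all 128 bytes.
    result["preamble_blank"] = not any(preamble)
    for signature, name in EXEC_SIGNATURES.items():
        if preamble.startswith(signature):
            result["embedded_executable"] = name
            break
    return result


def is_suspicious(data: bytes) -> bool:
    """Policy decision: a DICOM file whose preamble carries an executable header."""
    info = inspect_dicom_header(data)
    return bool(info["is_dicom"]) and info["embedded_executable"] is not None


def zero_preamble(data: bytes) -> bytes:
    """Mitigation: overwrite the preamble with 0x00 so no executable header survives.

    The DICOM data set from offset 128 onward is left byte-for-byte intact.
    Non-DICOM input is returned unchanged.
    """
    if not inspect_dicom_header(data)["is_dicom"]:
        return data
    return b"\x00" * PREAMBLE_LEN + data[PREAMBLE_LEN:]


def build_sample(preamble: bytes) -> bytes:
    """Construct a minimal Part 10 header for testing (constructed sample, not a real study).

    The bytes after "DICM" are a plausible start of File Meta Information and are
    only there so the sample looks like a file rather than a bare header.
    """
    if len(preamble) > PREAMBLE_LEN:
        raise ValueError("preamble must be at most 128 bytes")
    meta_stub = b"\x02\x00\x00\x00UL\x04\x00\x00\x00\x00\x00"  # (0002,0000) UL, placeholder value
    return preamble.ljust(PREAMBLE_LEN, b"\x00") + DICOM_MAGIC + meta_stub


# Constructed samples: a clean file, and one whose preamble opens with a DOS/PE stub.
CLEAN_SAMPLE = build_sample(b"")
POLYGLOT_SAMPLE = build_sample(b"MZ\x90\x00\x03\x00\x00\x00")


def scan_paths(paths):
    """Scan files given on the command line and print one verdict per file."""
    for path in paths:
        with open(path, "rb") as fh:
            head = fh.read(HEADER_LEN)
        info = inspect_dicom_header(head)
        if not info["is_dicom"]:
            print(f"{path}: not a DICOM Part 10 file")
        elif info["embedded_executable"]:
            print(f"{path}: DICOM with {info['embedded_executable']} header in preamble -> quarantine")
        elif not info["preamble_blank"]:
            print(f"{path}: DICOM with non-zero preamble (review)")
        else:
            print(f"{path}: DICOM, blank preamble")


if __name__ == "__main__":
    scan_paths(sys.argv[1:])
```

A non-zero preamble is not by itself proof of malice: PS3.10 allows the preamble to be used by an application profile, for example to make a file readable as another image format as well, so the strict signal here is an executable signature at offset 0, and the "non-zero preamble" outcome is better treated as a review queue than as a block. Zeroing the preamble is a safe remediation only when no such legitimate dual-format use is relied upon, since it strips that compatibility along with the executable header.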

Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers: CVE-2019-11687

Affected Products: Nema Dicom Standard