CVE-2024-24793

Name of the Vulnerable Software and Affected Versions libdicom version 1.0.5

Description A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing of memory that is used later. The vulnerability occurs in the parse meta element create() function while parsing elements in the File Meta Information header. An attacker would need to induce the vulnerable application to process a malicious DICOM image to exploit this vulnerability.

Recommendations For libdicom version 1.0.5, consider disabling the parse meta element create() function until a patch is available to prevent exploitation. Restrict access to processing DICOM files from untrusted sources to minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.