CVE-2024-24794

Name of the Vulnerable Software and Affected Versions libdicom version 1.0.5

Description A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing of memory that is used later. The vulnerability occurs in the parse meta sequence end() function while parsing the Sequence Value Representations. An attacker would need to induce the vulnerable application to process a malicious DICOM image to exploit this issue.

Recommendations For libdicom version 1.0.5, consider disabling the parse meta sequence end() function until a patch is available to prevent exploitation. Restrict access to processing DICOM images from untrusted sources to minimize the risk of triggering this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.