CVE-2024-22391

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/	Mailing List
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924	Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/	Mailing List
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:grassroots_dicom_project:grassroots_dicom:3.0.23:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

History

21 Aug 2025, 18:04

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Fedoraproject Grassroots Dicom Project Grassroots Dicom Project grassroots Dicom Fedoraproject fedora
CPE		cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:a:grassroots_dicom_project:grassroots_dicom:3.0.23:::::::*
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/ - Mailing List
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/ - Mailing List
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/ - Mailing List
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924 - Exploit, Third Party Advisory

Information

Published : 2024-04-25 15:16

Updated : 2025-08-21 18:04

NVD link : CVE-2024-22391

Mitre link : CVE-2024-22391

CVE.ORG link : CVE-2024-22391

JSON object : View

Products Affected

fedoraproject

fedora

grassroots_dicom_project

grassroots_dicom

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-787

Out-of-bounds Write

7.7 /10