CVE-2024-47796
Published: 13 January 2025
Summary
CVE-2024-47796 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in OFFIS DCMTK. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 23.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-47796 is an improper array index validation vulnerability in the nowindow functionality of OFFIS DCMTK version 3.6.8. The flaw enables a specially crafted DICOM file to trigger an out-of-bounds write, classified under CWE-119 with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A local attacker needs no privileges and no user interaction: providing a malicious DICOM file to an affected DCMTK instance is enough to exploit this vulnerability. Because the flaw is an out-of-bounds write, successful exploitation can have high-impact consequences, including unauthorized data disclosure, modification, or system disruption.
The issue is addressed in DCMTK git commit 89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6, as detailed in the Talos Intelligence advisory TALOS-2024-2122. Debian LTS announcements confirm patches for affected systems in their January and June 2025 updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42665
Vulnerability details
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local out-of-bounds write via crafted file enables memory corruption that can be leveraged for privilege escalation or arbitrary code execution on the host.
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation through patching directly eliminates the improper array index validation vulnerability in DCMTK, preventing out-of-bounds writes from specially crafted DICOM files.
Information input validation enforces proper bounds checking on DICOM file arrays, directly addressing the improper array index validation that leads to out-of-bounds writes.
Memory protection mechanisms like non-executable memory and address space randomization mitigate the exploitability of out-of-bounds writes triggered by malformed DICOM files.