Cyber Posture

CVE-2024-52333

High · Public PoC

Published: 13 January 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (22.2th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52333 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Offis Dcmtk. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 22.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly mitigates the vulnerability by requiring timely remediation through application of the vendor patch addressing the improper array index validation in DCMTK's determineMinMax function.

prevent: Requires validation of DICOM file inputs to enforce proper array index bounds checking, preventing out-of-bounds writes from specially crafted files.

prevent: Implements memory protections such as non-executable stacks and address randomization to mitigate exploitation of the out-of-bounds write vulnerability.

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Local memory corruption (OOB write) via crafted DICOM file directly enables exploitation for privilege escalation (T1068) and is delivered/executed as a malicious file (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

Deeper analysis · AI

CVE-2024-52333 is an improper array index validation vulnerability in the determineMinMax functionality of OFFIS DCMTK version 3.6.8. The flaw allows a specially crafted DICOM file to trigger an out-of-bounds write, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). It received a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on January 13, 2025.

The attack vector is local, with low attack complexity and no privileges or user interaction required: an attacker exploits the vulnerability by providing a malicious DICOM file to a vulnerable DCMTK instance. Successful exploitation has high confidentiality, integrity, and availability impact through the out-of-bounds write.

The fix is in DCMTK git commit 03e851b0586d05057c3268988e180ffb426b2e03, and detailed analysis is available in the Talos Intelligence report TALOS-2024-2121. Debian LTS users should refer to the announcement at lists.debian.org/debian-lts-announce/2025/01/msg00032.html for patched packages.

Details

CWE(s)

Affected Products

Vendor: offis · Product: dcmtk · Version: 3.6.8

CVEs Like This One

CVE-2024-47796 (Same product: Offis Dcmtk)
CVE-2026-5663 (Same product: Offis Dcmtk)
CVE-2025-25475 (Same product: Offis Dcmtk)
CVE-2026-3145 (Shared CWE-119)
CVE-2026-20700 (Shared CWE-119)
CVE-2025-25175 (Shared CWE-119)
CVE-2026-22167 (Shared CWE-119)
CVE-2025-23400 (Shared CWE-119)
CVE-2025-1365 (Shared CWE-119)
CVE-2025-15411 (Shared CWE-119)

References