{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-22391", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-01-23T14:10:22.981Z", "datePublished": "2024-04-25T14:33:07.730Z", "dateUpdated": "2025-11-04T17:14:18.583Z"}, "containers": {"cna": {"affected": [{"vendor": "Grassroot DICOM", "product": "Grassroot DICOM", "versions": [{"version": "3.0.23", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE", "cweId": "CWE-119"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-05T02:06:00.351Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}], "credits": [{"lang": "en", "value": "Discovered by Emmanuel Tacheau of Cisco Talos."}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22391", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-26T16:00:04.802210Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grassroot:grassroot_platform:-:*:*:*:*:*:*:*"], "vendor": "grassroot", "product": "grassroot_platform", "versions": [{"status": "affected", "version": "3.0.2.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:29.057Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:14:18.583Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:14:18.583Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22391", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-26T16:00:04.802210Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grassroot:grassroot_platform:-:*:*:*:*:*:*:*"], "vendor": "grassroot", "product": "grassroot_platform", "versions": [{"status": "affected", "version": "3.0.2.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-26T15:58:12.504Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Emmanuel Tacheau of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Grassroot DICOM", "product": "Grassroot DICOM", "versions": [{"status": "affected", "version": "3.0.23"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-05T02:06:00.351Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22391", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:14:18.583Z", "dateReserved": "2024-01-23T14:10:22.981Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-04-25T14:33:07.730Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grassroots_dicom_project:grassroots_dicom:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "E6B7DD0D-B5C1-4AC1-ACFC-4EBD39E460D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funcionalidad LookupTable::SetLUT de Mathieu Malaterre Grassroot DICOM 3.0.23. Un archivo con formato incorrecto especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2024-22391", "lastModified": "2025-11-04T18:15:50.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.5, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-25T15:16:04.100", "references": [{"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}, {"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1924"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}

{}