{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-25569", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-02-08T09:16:12.304Z", "datePublished": "2024-04-25T14:33:06.539Z", "dateUpdated": "2025-11-04T17:14:27.283Z"}, "containers": {"cna": {"affected": [{"vendor": "Grassroot DICOM", "product": "Grassroot DICOM", "versions": [{"version": "3.0.23", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE", "cweId": "CWE-125"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-05T02:06:02.000Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}], "credits": [{"lang": "en", "value": "Discovered by Emmanuel Tacheau of Cisco Talos."}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25569", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T16:13:29.734578Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grassroots_dicom_project:grassroots_dicom:*:*:*:*:*:*:*:*"], "vendor": "grassroots_dicom_project", "product": "grassroots_dicom", "versions": [{"status": "affected", "version": "3.0.23"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:35:44.274Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:14:27.283Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:14:27.283Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25569", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T16:13:29.734578Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grassroots_dicom_project:grassroots_dicom:*:*:*:*:*:*:*:*"], "vendor": "grassroots_dicom_project", "product": "grassroots_dicom", "versions": [{"status": "affected", "version": "3.0.23"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T16:11:28.734Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Emmanuel Tacheau of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Grassroot DICOM", "product": "Grassroot DICOM", "versions": [{"status": "affected", "version": "3.0.23"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-05-05T02:06:02.000Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25569", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:14:27.283Z", "dateReserved": "2024-02-08T09:16:12.304Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-04-25T14:33:06.539Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:malaterre:grassroots_dicom:3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "E201AAD0-CC88-4984-BAD5-3FB3787861E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en la funcionalidad RAWCodec::DecodeBytes de Mathieu Malaterre Grassroot DICOM 3.0.23. Un archivo DICOM especialmente manipulado puede provocar una lectura fuera de los l\u00edmites. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."}], "id": "CVE-2024-25569", "lastModified": "2025-11-04T18:15:52.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-04-25T15:16:04.697", "references": [{"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}, {"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1944"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Secondary"}]}

{}