Arbitrary Code Execution via Integer Overflow in Grassroots DICOM (GDCM) ImageRegionReader

Arbitrary Code Execution via Integer Overflow in Grassroots DICOM (GDCM) ImageRegionReader

CVE-2015-8396 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.

Learn more about our Web Application Penetration Testing UK.