Arbitrary Code Execution via Integer Overflow in Grassroots DICOM (GDCM) ImageRegionReader
CVE-2015-8396 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.
Learn more about our Web Application Penetration Testing UK.