CVE-2024-25569 in Grassroot DICOM

Summary

by MITRE • 04/25/2024

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.


Analysis

by VulDB Data Team • 08/22/2025

The vulnerability identified as CVE-2024-25569 represents a critical out-of-bounds read condition within the RAWCodec::DecodeBytes function of the Grassroot DICOM library version 3.0.23. This flaw resides in the core decoding mechanism responsible for processing raw data within DICOM (Digital Imaging and Communications in Medicine) files, which are standard formats used for medical imaging data. The issue manifests when the library processes malformed or specially crafted DICOM files that contain invalid data structures, particularly within the raw byte sequences that the RAWCodec component is designed to interpret.

Technically, the vulnerability stems from inadequate bounds checking within the DecodeBytes function, which fails to validate the size and boundaries of the data being read from memory. When processing a malicious DICOM file, the function attempts to access memory locations beyond the allocated buffer boundaries, reading from adjacent memory regions, which may expose sensitive data or cause application instability. This type of vulnerability falls under the Common Weakness Enumeration category CWE-129, which specifically addresses improper validation of array indices and buffer bounds. The vulnerability is particularly dangerous in medical imaging environments where DICOM files are routinely processed and analyzed, as it could be exploited to extract confidential patient information or cause denial of service conditions that might impact critical medical workflows.

The operational impact of this vulnerability extends beyond simple data corruption or application crashes, as it presents a significant security risk within healthcare information systems. An attacker who successfully exploits this vulnerability could potentially trigger memory access violations that might lead to application termination, or worse, extract sensitive information from adjacent memory locations through careful manipulation of the input data. The attack vector requires the victim to process a malicious DICOM file, which could occur through various means including email attachments, medical imaging system integrations, or automated processing pipelines. This vulnerability aligns with ATT&CK technique T1203, which covers exploitation of software vulnerabilities, and represents a typical path for attackers to gain unauthorized access to systems processing sensitive medical data. The risk is particularly elevated in healthcare environments where DICOM files are frequently exchanged between different medical devices and systems, creating multiple potential entry points for exploitation.

Mitigation strategies for CVE-2024-25569 should prioritize immediate patching of the Grassroot DICOM library to version 3.0.24 or later, which contains the necessary fixes for the bounds checking implementation. Organizations should implement strict input validation measures for all DICOM files processed through their systems, including the use of automated scanning tools that can detect malformed DICOM structures before they reach the vulnerable decoding functions. Network segmentation and access controls should be reinforced around medical imaging systems to limit the potential impact of successful exploitation attempts. Additionally, security monitoring should be enhanced to detect unusual memory access patterns or application crashes that might indicate exploitation attempts. The vulnerability highlights the importance of maintaining up-to-date medical imaging software and implementing robust security practices in healthcare environments where sensitive patient data is continuously processed and transmitted.
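A pre-decode bounds check of the kind the analysis above calls for, added here as an illustration: it is not GDCM's code and not the actual fix for the RAWCodec::DecodeBytes issue. It assumes a bare explicit-VR little-endian element stream (no preamble or file meta header), and the sample bytes are constructed for this example.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Outcome of walking a (simplified) explicit-VR little-endian element stream.
struct ScanResult { bool ok; size_t elements; std::string error; };
// VRs whose header carries two reserved bytes followed by a 4-byte length.
static bool IsLongVR(const std::string& vr) {
  return vr == "OB" || vr == "OW" || vr == "OF" || vr == "SQ" || vr == "UT" || vr == "UN";
}

// Hypothetical pre-decode check (not GDCM code): each element's declared value
// length must fit inside the bytes actually present, so a raw decoder is never
// asked to read past the end of its input buffer.
ScanResult CheckElementBounds(const std::vector<uint8_t>& buf) {
  size_t pos = 0, count = 0;
  auto rd16 = [&](size_t o) { return uint16_t(buf[o] | (buf[o + 1] << 8)); };
  while (pos < buf.size()) {
    if (buf.size() - pos < 8) return {false, count, "truncated element header"};
    const std::string vr(reinterpret_cast<const char*>(&buf[pos + 4]), 2);  // tag occupies pos..pos+3
    size_t hdr = 8;
    uint32_t length = rd16(pos + 6);
    if (IsLongVR(vr)) {
      if (buf.size() - pos < 12) return {false, count, "truncated long header"};
      hdr = 12; length = uint32_t(rd16(pos + 8)) | (uint32_t(rd16(pos + 10)) << 16);
    }
    if (length == 0xFFFFFFFFu) return {false, count, "undefined length not supported"};
    if (length > buf.size() - pos - hdr) return {false, count, "declared length exceeds remaining input"};
    pos += hdr + length; ++count;
  }
  return {true, count, ""};
}

// Builds one element; `declared` may differ from value.size() to model a file that lies.
static void AppendElement(std::vector<uint8_t>& out, uint16_t g, uint16_t e, const char* vr,
                          const std::vector<uint8_t>& value, uint32_t declared) {
  auto put16 = [&](uint16_t v) { out.push_back(v & 0xFF); out.push_back(v >> 8); };
  put16(g); put16(e); out.push_back(vr[0]); out.push_back(vr[1]);
  if (IsLongVR(vr)) { put16(0); put16(declared & 0xFFFF); put16(declared >> 16); }
  else put16(uint16_t(declared));
  out.insert(out.end(), value.begin(), value.end());
}

// Constructed sample: Rows, Columns and a 2x2 16-bit Pixel Data element; the
// malformed variant declares 4096 bytes of pixel data while supplying only 8.
std::vector<uint8_t> SampleFile(bool malformed) {
  std::vector<uint8_t> f;
  AppendElement(f, 0x0028, 0x0010, "US", {0x02, 0x00}, 2);
  AppendElement(f, 0x0028, 0x0011, "US", {0x02, 0x00}, 2);
  AppendElement(f, 0x7FE0, 0x0010, "OW", std::vector<uint8_t>(8, 0x7F), malformed ? 4096 : 8);
  return f;
}
```

Run on the malformed sample, the checker stops at the Pixel Data element and reports the length mismatch, which is the condition that would otherwise be handed to the decoder.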

Responsible: Talos

Reservation: 02/08/2024

Disclosure: 04/25/2024

Moderation: accepted

CPE: ready

EPSS: 0.01083

KEV: no

Activities: very low
