High severity8.1NVD Advisory· Published Apr 25, 2024· Updated Jun 17, 2026
CVE-2024-22373
CVE-2024-22373
Description
An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- Range: <3.0.23
- osv-coords19 versionspkg:rpm/opensuse/gdcm&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/gdcm&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/gdcm&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-authorization&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-dicomweb&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-gdcm&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-gdcm&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/orthanc-indexer&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-mysql&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-neuro&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-postgresql&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-python&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-stl&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-tcia&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/orthanc-wsi&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-pyorthanc&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/gdcm&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/gdcm&distro=SUSE%20Package%20Hub%2015%20SP6
< 3.0.24-bp155.2.4.1+ 18 more
- (no CPE)range: < 3.0.24-bp155.2.4.1
- (no CPE)range: < 3.0.24-bp156.2.4.1
- (no CPE)range: < 3.0.24-bp160.2.1
- (no CPE)range: < 0.10.3-bp160.1.1
- (no CPE)range: < 1.22-bp160.1.1
- (no CPE)range: < 1.12.10-bp160.1.1
- (no CPE)range: < 1.8-bp160.1.1
- (no CPE)range: < 1.7-1.1
- (no CPE)range: < 1.0-bp160.2.1
- (no CPE)range: < 5.2-bp160.2.1
- (no CPE)range: < 1.1-bp160.2.1
- (no CPE)range: < 10.0-bp160.1.1
- (no CPE)range: < 7.0-bp160.1.1
- (no CPE)range: < 1.2-bp160.2.1
- (no CPE)range: < 1.3-bp160.1.1
- (no CPE)range: < 3.3-bp160.1.1
- (no CPE)range: < 1.22.1-bp160.1.1
- (no CPE)range: < 3.0.24-bp155.2.4.1
- (no CPE)range: < 3.0.24-bp156.2.4.1
- Range: 3.0.23
Patches
Vulnerability mechanics
References
5- talosintelligence.com/vulnerability_reports/TALOS-2024-1935nvdExploitThird Party Advisory
- www.talosintelligence.com/vulnerability_reports/TALOS-2024-1935nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZJ4IG7EXMSMPHTK5ZFASCW6MHSOVZOE/nvdMailing List
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5HXUKUJ7SG3TK456SGUWVZ4Z5D7JKOL/nvdMailing List
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJA7QWWZWMY4AQFR35EA7S3CFVUTOQYG/nvdMailing List
News mentions
0No linked articles in our index yet.