CVE-2024-23913
Description
Use of out-of-range pointer offset in Merge DICOM Toolkit's MC_XML_To_Message() can cause memory access violation when processing malformed DICOM XML files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
CVE-2024-23913 is a CWE-823: Use of Out-of-range Pointer Offset vulnerability in Merative Merge DICOM Toolkit C/C++ on Windows. The affected component is the deprecated MC_XML_To_Message() function, which, when used to read a malformed DICOM XML file, can cause a memory access violation [1].
Attack Vector and Exploitation
The vulnerability has a local attack vector (AV:L) with low attack complexity. An attacker can exploit this without any privileges or user interaction by supplying a crafted DICOM XML file to a system using the vulnerable function [1]. The issue affects versions from v5.0.0 up to v5.17.0.
Impact
The CVSS v3.1 score is 4.0 (Medium). The vulnerability impacts availability (A:L), potentially leading to a denial of service. No confidentiality or integrity impact is reported [1].
Mitigation
The vendor has released version 5.18.0, which addresses the issue. Users should update to this version or later [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.