VYPR
Medium severity 6.6 · OSV Advisory · Published Dec 12, 2025 · Updated Apr 15, 2026

CVE-2025-11266

Description

An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). An unsigned integer underflow in buffer indexing causes an out-of-bounds memory access, which results in a segmentation fault. The vulnerability is exploitable via file input: simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition.

Affected products

2
  • GDCM/GDCMOSV2 versions
    v2.0.12, v2.0.16, v2.0.17, …+ 1 more
    • (no CPE) range: v2.0.12, v2.0.16, v2.0.17, …
    • (no CPE)

References

4
