Vulnerabilities > CVE-2015-8396 - Numeric Errors vulnerability in Grassroots Dicom Project Grassroots Dicom

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

grassroots-dicom-project

CWE-189

critical

nessus

exploit available

NVD

Published: 2016-01-12

Updated: 2018-10-09

Summary

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Grassroots_Dicom_Project Grassroots Dicom Project Grassroots Dicom 2.0.4 Grassroots Dicom Project Grassroots Dicom 2.0.5 Grassroots Dicom Project Grassroots Dicom 2.0.6 Grassroots Dicom Project Grassroots Dicom 2.0.7 Grassroots Dicom Project Grassroots Dicom 2.0.8 Grassroots Dicom Project Grassroots Dicom 2.0.9 Grassroots Dicom Project Grassroots Dicom 2.0.10 Grassroots Dicom Project Grassroots Dicom 2.0.11 Grassroots Dicom Project Grassroots Dicom 2.0.12 Grassroots Dicom Project Grassroots Dicom 2.0.13 Grassroots Dicom Project Grassroots Dicom 2.0.14 Grassroots Dicom Project Grassroots Dicom 2.0.15 Grassroots Dicom Project Grassroots Dicom 2.0.16 Grassroots Dicom Project Grassroots Dicom 2.0.17 Grassroots Dicom Project Grassroots Dicom 2.0.18 Grassroots Dicom Project Grassroots Dicom 2.0.19 Grassroots Dicom Project Grassroots Dicom 2.2.0 Grassroots Dicom Project Grassroots Dicom 2.2.1 Grassroots Dicom Project Grassroots Dicom 2.2.2 Grassroots Dicom Project Grassroots Dicom 2.2.3 Grassroots Dicom Project Grassroots Dicom 2.2.4 Grassroots Dicom Project Grassroots Dicom 2.2.5 Grassroots Dicom Project Grassroots Dicom 2.2.6 Grassroots Dicom Project Grassroots Dicom 2.4.0 Grassroots Dicom Project Grassroots Dicom 2.4.1 Grassroots Dicom Project Grassroots Dicom 2.4.2 Grassroots Dicom Project Grassroots Dicom 2.4.3 Grassroots Dicom Project Grassroots Dicom 2.4.4 Grassroots Dicom Project Grassroots Dicom 2.4.5 Grassroots Dicom Project Grassroots Dicom 2.4.6 Grassroots Dicom Project Grassroots Dicom 2.6.0 Grassroots Dicom Project Grassroots Dicom 2.6.1	32

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow. CVE-2015-8396. Dos exploit for linux platform
file	exploits/linux/dos/39229.cpp
id	EDB-ID:39229
last seen	2016-02-04
modified	2016-01-12
platform	linux
port
published	2016-01-12
reporter	Stelios Tsampas
source	https://www.exploit-db.com/download/39229/
title	Grassroots DICOM GDCM 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow
type	dos

Nessus

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E00D8B94C88A11E5B5FE002590263BF5.NASL
description	CENSUS S.A. reports : GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an integer overflow vulnerability which leads to a buffer overflow and potentially to remote code execution. GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to an out-of-bounds read vulnerability due to missing checks.
last seen	2020-06-01
modified	2020-06-02
plugin id	88504
published	2016-02-01
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88504
title	FreeBSD : gdcm -- multiple vulnerabilities (e00d8b94-c88a-11e5-b5fe-002590263bf5)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Nessus

References