OTPulse

Grassroots DICOM (GDCM)

Monitor | CVSS 6.6
ICS-CERT advisory: ICSMA-25-345-01
Published: Dec 11, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A buffer overflow vulnerability in DICOM file parsing within Grassroots DICOM (GDCM) versions 3.0.24 and earlier, SimpleITK 2.5.2 and earlier, and medInria 4.0 and earlier allows a crafted DICOM file to crash the application when opened. This results in a denial-of-service condition affecting image processing and diagnostic workflows. The vulnerability requires user interaction (opening a file) and is not remotely exploitable.

What this means
What could happen
An attacker could crash a medical imaging or analysis application by crafting a malicious DICOM file, causing denial of service and interrupting diagnostic workflows or image processing operations.
Who's at risk
Hospital and medical imaging departments that use GDCM, SimpleITK, or medInria for DICOM image processing and analysis. This includes radiology workstations, diagnostic imaging software, and research or analysis systems that handle medical imaging data.
How it could be exploited
An attacker crafts a malicious DICOM (Digital Imaging and Communications in Medicine) file and tricks a user into opening it in a vulnerable application (GDCM, SimpleITK, or medInria). The file triggers a buffer overflow that crashes the application, stopping any active image processing or analysis.
Prerequisites
  • User action required: user must open a malicious DICOM file in a vulnerable application
  • Vulnerable application must be installed and used to view DICOM files
  • Local file access or ability to deliver file to user (e.g., email, shared folder, removable media)
  • Low complexity
  • User interaction required
  • Affects medical diagnostic workflow availability
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (3): 1 with fix, 2 pending

Product                    Affected Versions   Fix Status
SimpleITK                  <= 2.5.2            No fix yet
medInria                   <= 4.0              No fix yet
Grassroots DICOM (GDCM)    <= 3.0.24           3.2.2 or later
Remediation & Mitigation
Do now
HARDENING: Educate users not to open DICOM files from untrusted or unexpected sources, especially in email or external media
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Grassroots DICOM (GDCM) <= 3.0.24
  HOTFIX: Update Grassroots DICOM (GDCM) to version 3.2.2 or later from the GitHub repository
All products
  HOTFIX: Update SimpleITK to the latest patched version released by the vendor
  HOTFIX: Update medInria to the latest patched version released by the vendor
Long-term hardening
HARDENING: Restrict file access and implement controls to prevent users from opening files from external sources without validation
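One concrete form of the "validation" control above is a structural pre-screen that runs on a DICOM file at intake (mail gateway, import folder, PACS ingest) before the file is handed to a parser such as GDCM. The script below is an added example written for this page; it is not code from OTPulse, GDCM, SimpleITK or medInria, and the advisory does not say which malformation triggers the overflow, so the script is a coarse intake check rather than a fix. It verifies the 128-byte preamble and DICM magic, then walks the File Meta Information elements (group 0002, always explicit VR little endian) and rejects any element whose declared length does not fit inside the file, which is the class of inconsistency that typically drives parser over-reads. The sample files are constructed inline and contain no patient data.

```python
"""Structural pre-screen for DICOM Part 10 files before they reach a parser.
Added example, not code from OTPulse, GDCM, SimpleITK or medInria.
It is an intake control, not a substitute for updating the affected software."""
import struct

PREAMBLE_LEN = 128
MAGIC = b"DICM"
META_GROUP = 0x0002
TRANSFER_SYNTAX_ELEM = 0x0010
UNDEFINED_LENGTH = 0xFFFFFFFF
# VRs whose explicit-VR encoding is tag(4) + VR(2) + reserved(2) + length(4);
# every other VR uses tag(4) + VR(2) + length(2).
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ", b"SV",
            b"UC", b"UN", b"UR", b"UT", b"UV"}


def screen_dicom(data: bytes) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only if every structural check passed."""
    if len(data) < PREAMBLE_LEN + 4:
        return False, "file shorter than the 128-byte preamble plus magic"
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        return False, "missing DICM magic at offset 128"

    pos = PREAMBLE_LEN + 4
    meta_elements = 0
    saw_transfer_syntax = False
    # File Meta Information is always explicit VR little endian.
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != META_GROUP:
            break  # first dataset element reached; the meta header ends here
        vr = data[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            return False, f"non-alphabetic VR {vr!r} at offset {pos}"
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                return False, f"truncated element header at offset {pos}"
            (length,) = struct.unpack_from("<I", data, pos + 8)
            header_len = 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            header_len = 8
        if length == UNDEFINED_LENGTH:
            return False, f"undefined length in meta element ({group:04X},{elem:04X})"
        remaining = len(data) - pos - header_len
        if length > remaining:
            return False, (f"element ({group:04X},{elem:04X}) declares {length} bytes "
                           f"but only {remaining} remain")
        if elem == TRANSFER_SYNTAX_ELEM:
            saw_transfer_syntax = True
        pos += header_len + length
        meta_elements += 1

    if meta_elements == 0:
        return False, "no File Meta Information elements found"
    if not saw_transfer_syntax:
        return False, "Transfer Syntax UID (0002,0010) missing"
    return True, "structural checks passed"


def screen_path(path: str) -> tuple[bool, str]:
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as fh:
        return screen_dicom(fh.read())


def _element(group: int, elem: int, vr: bytes, value: bytes) -> bytes:
    """Encode one explicit-VR little-endian element (used only to build samples)."""
    if len(value) % 2:  # DICOM values are even-length; UIDs pad with NUL, others with space
        value += b"\x00" if vr == b"UI" else b" "
    if vr in LONG_VRS:
        return struct.pack("<HH2sxxI", group, elem, vr, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value


# Constructed sample files (no real patient data).
GOOD_FILE = (
    bytes(PREAMBLE_LEN) + MAGIC
    + _element(0x0002, 0x0001, b"OB", b"\x00\x01")                   # Meta Information Version
    + _element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1")        # Explicit VR Little Endian
    + _element(0x0008, 0x0016, b"UI", b"1.2.840.10008.5.1.4.1.1.2")  # dataset starts (CT Image Storage)
)
# Same layout, but the Transfer Syntax element claims 65535 bytes while only 7 follow.
BAD_LENGTH_FILE = (
    bytes(PREAMBLE_LEN) + MAGIC
    + _element(0x0002, 0x0001, b"OB", b"\x00\x01")
    + struct.pack("<HH2sH", 0x0002, 0x0010, b"UI", 0xFFFF) + b"1.2.840"
)

if __name__ == "__main__":
    for name, blob in (("good", GOOD_FILE), ("bad-length", BAD_LENGTH_FILE), ("not-dicom", bytes(200))):
        print(name, screen_dicom(blob))
```

A file that fails `screen_dicom` should be quarantined rather than opened in a workstation application; a file that passes has only been shown to be internally consistent in its meta header, so the update to GDCM 3.2.2 or later (and the vendor patches for SimpleITK and medInria) remains the actual remediation.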