Grassroots DICOM (GDCM)

CVSS 6.6 | ICS-CERT ICSMA-25-345-01 | Dec 11, 2025

Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A buffer overflow vulnerability (CWE-787) in DICOM file parsing allows an attacker to craft a malicious DICOM medical image file. If the file is opened by an application built on Grassroots DICOM (GDCM), SimpleITK, or medInria, the flaw causes an application crash and denial of service. The vulnerability affects GDCM versions 3.0.24 and earlier, SimpleITK version 2.5.2 and earlier, and medInria version 4.0 and earlier.

What this means
What could happen
An attacker could craft a malicious DICOM medical image file that, when opened, crashes the application, disrupting diagnostic workflows or analysis that depends on the software.
Who's at risk
Healthcare IT staff and medical imaging facilities using GDCM, SimpleITK, or medInria for DICOM image processing and analysis. This affects diagnostic workstations, image management systems, and any software that processes DICOM files sourced from potentially untrusted origins.
How it could be exploited
An attacker creates a crafted DICOM file and tricks a user into opening it. When the application processes the malicious file, a memory corruption flaw (CWE-787 buffer overflow) causes the application to crash, resulting in denial of service.
Prerequisites
  • User must open or process a malicious DICOM file
  • DICOM file must be crafted to trigger the vulnerability during parsing
  • No network access required—this is a local file parsing vulnerability
  • Low complexity
  • No authentication required
  • User interaction required (file must be opened)
  • Default DICOM file handling vulnerable
  • No patch available for SimpleITK and medInria
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (3)
1 with fix, 2 pending

Product | Affected Versions | Fix Status
SimpleITK | ≤ 2.5.2 | No fix yet
medInria | ≤ 4.0 | No fix yet
Grassroots DICOM (GDCM) | ≤ 3.0.24 | 3.2.2+
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Grassroots DICOM (GDCM): ≤ 3.0.24
HOTFIX: Update Grassroots DICOM (GDCM) to version 3.2.2 or later
All products
HOTFIX: Contact vendors of SimpleITK and medInria for patched versions addressing this vulnerability
Long-term hardening
HARDENING: Restrict access to DICOM file sources and establish procedures to validate DICOM files before opening them in production workflows
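As an added example (not code from GDCM, SimpleITK or medInria), one way to implement the "validate DICOM files before opening them" step: a Python pre-flight check that walks the Part 10 File Meta Information header with strict bounds checks and rejects a file whose element length field claims more bytes than the file holds, the kind of malformed input an out-of-bounds (CWE-787) parser defect is triggered by. The function names, the VR list and the sample bytes are this example's own constructions; the advisory does not identify which element the affected parsers mishandle.

```python
import struct

# Added example (not GDCM/SimpleITK/medInria code): pre-flight check of a DICOM Part 10
# file that rejects an element whose declared length exceeds the bytes actually present,
# before a native parser can read or write past its buffer (the CWE-787 class in the advisory).
PREAMBLE_LEN, MAGIC = 128, b"DICM"
# VRs encoded with a 2-byte reserved field followed by a 4-byte length field.
LONG_LENGTH_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ", b"SV",
                   b"UC", b"UN", b"UR", b"UT", b"UV"}

def validate_dicom_meta(data: bytes) -> tuple:
    """Walk the File Meta Information header (group 0002, explicit VR LE); returns (ok, reason)."""
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        return False, "missing DICM magic at offset 128"
    pos = PREAMBLE_LEN + 4
    while pos < len(data):
        if len(data) - pos < 8:
            return False, f"truncated element header at offset {pos}"
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            return True, "ok"  # meta header finished; the dataset begins here
        vr = data[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            return False, f"invalid VR {vr!r} at offset {pos + 4}"
        if vr in LONG_LENGTH_VRS:
            if len(data) - pos < 12:
                return False, f"truncated length field at offset {pos}"
            length, pos = struct.unpack_from("<I", data, pos + 8)[0], pos + 12
        else:
            length, pos = struct.unpack_from("<H", data, pos + 6)[0], pos + 8
        if length == 0xFFFFFFFF:
            return False, f"undefined length in (0002,{elem:04X}) not permitted"
        if length > len(data) - pos:  # the over-read a vulnerable parser would perform
            return False, f"(0002,{elem:04X}) claims {length} bytes, {len(data) - pos} remain"
        pos += length
    return True, "ok"

def meta_element(elem: int, vr: bytes, value: bytes) -> bytes:
    """Encode one group 0002 element; used only to build constructed sample files."""
    head = struct.pack("<HH", 0x0002, elem) + vr
    if vr in LONG_LENGTH_VRS:
        return head + b"\0\0" + struct.pack("<I", len(value)) + value
    return head + struct.pack("<H", len(value)) + value

if __name__ == "__main__":
    sample = b"\0" * PREAMBLE_LEN + MAGIC + meta_element(0x0001, b"OB", b"\0\1")
    print(validate_dicom_meta(sample + meta_element(0x0010, b"UI", b"1.2.840.10008.1.2.1\0")))
    # Constructed malformed file: a UI element claiming 16384 bytes with only 3 present.
    print(validate_dicom_meta(sample + b"\x02\x00\x10\x00UI\x00\x40" + b"1.2"))
```

Run it as a gate in an ingest pipeline so that files failing the check are quarantined instead of being handed to the imaging application.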