This article details a vulnerability in Grassroots DICOM (GDCM) versions up to 3.0.24, which can cause application crashes and denial-of-service by exploiting out-of-bounds write issues when parsing malicious DICOM files. Mitigation involves updating affected software and following cybersecurity best practices. #CVE-2025-11266 #GrassrootsDICOM
Keypoints
- A vulnerability in GDCM allows an out-of-bounds write, leading to crashes and denial-of-service conditions.
- The flaw occurs when processing malformed DICOM files with encapsulated PixelData fragments.
- Versions 3.0.24 and earlier of Grassroots DICOM are affected, along with SimpleITK and medInria.
- Organizations are advised to update to GDCM v3.2.2 or later and implement cybersecurity defenses.
- The vulnerability is not exploitable remotely; a malicious file must be opened locally on the affected system.
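The keypoints above describe the failure mode (a malformed encapsulated PixelData fragment sequence driving an out-of-bounds write) without showing what a bounds-checked parser of that structure looks like. The following is an added example written for this summary; it is not GDCM's code and is not taken from the CISA advisory. It assumes the input buffer begins at the first item after an undefined-length PixelData element header in a little-endian transfer syntax, so each item is a 4-byte tag followed by a 4-byte length, and it demonstrates the check that matters for this class of bug: every declared item length is validated against the bytes actually remaining before any data is copied. The sample byte strings are constructed for the example, not captured from a real file.

```python
import struct

# DICOM item tags as they appear on the wire in little-endian transfer syntaxes.
ITEM_TAG = b"\xfe\xff\x00\xe0"        # (FFFE,E000) item header
SEQ_DELIM_TAG = b"\xfe\xff\xdd\xe0"   # (FFFE,E0DD) sequence delimitation item
UNDEFINED_LENGTH = 0xFFFFFFFF


class MalformedPixelData(ValueError):
    """Raised when the fragment sequence cannot be trusted."""


def parse_encapsulated_fragments(buf, max_fragment_bytes=64 * 1024 * 1024):
    """Parse the items of an encapsulated PixelData value.

    Returns (basic_offset_table, fragments). The first item is always the
    Basic Offset Table (possibly empty); the rest are pixel data fragments.
    Every slice is preceded by a check that the declared length fits inside
    the buffer, so a hostile length can never index past the end.
    """
    items = []
    pos = 0
    end = len(buf)
    while True:
        if end - pos < 8:
            raise MalformedPixelData(
                "truncated: item header needs 8 bytes at offset %d" % pos)
        tag = buf[pos:pos + 4]
        (length,) = struct.unpack_from("<I", buf, pos + 4)
        pos += 8
        if tag == SEQ_DELIM_TAG:
            if length != 0:
                raise MalformedPixelData("sequence delimiter must have length 0")
            break
        if tag != ITEM_TAG:
            raise MalformedPixelData("unexpected tag %s at offset %d"
                                     % (tag.hex(), pos - 8))
        if length == UNDEFINED_LENGTH:
            raise MalformedPixelData("fragment with undefined length")
        if length % 2:
            raise MalformedPixelData("odd fragment length %d" % length)
        if length > max_fragment_bytes:
            raise MalformedPixelData("fragment length %d exceeds policy cap" % length)
        # The bounds check: declared length must fit in what is left.
        if length > end - pos:
            raise MalformedPixelData(
                "fragment declares %d bytes but only %d remain" % (length, end - pos))
        items.append(bytes(buf[pos:pos + length]))
        pos += length
    if not items:
        raise MalformedPixelData("missing Basic Offset Table item")
    return items[0], items[1:]


def rejects(buf):
    """True if the parser refuses the buffer as malformed."""
    try:
        parse_encapsulated_fragments(buf)
    except MalformedPixelData:
        return True
    return False


def _item(payload):
    return ITEM_TAG + struct.pack("<I", len(payload)) + payload


# Constructed sample: empty Basic Offset Table, two small fragments, delimiter.
GOOD_SAMPLE = (_item(b"") + _item(b"\x01\x02\x03\x04") + _item(b"\x05\x06")
               + SEQ_DELIM_TAG + struct.pack("<I", 0))

# Constructed sample: second item claims 0x7FFFFFFF bytes but only two follow.
BAD_SAMPLE = (_item(b"") + ITEM_TAG + struct.pack("<I", 0x7FFFFFFF) + b"\x01\x02")


if __name__ == "__main__":
    bot, frags = parse_encapsulated_fragments(GOOD_SAMPLE)
    print("offset table:", bot.hex() or "(empty)", "fragments:", len(frags))
    print("malformed sample rejected:", rejects(BAD_SAMPLE))
```

The policy cap on fragment size is a separate defensive layer from the remaining-bytes check: the latter prevents the out-of-bounds access, while the former bounds memory use when a file is well-formed but deliberately huge. Both are cheap and run before any pixel data is touched.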
Read More: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-345-01