CVE-2024-23914 MEDIUM

Vendor Merative
Product Merge DICOM Toolkit C/C++
Weakness CWE-134
Published May 3, 2024
Last update August 1, 2024

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When the MC_Open_Association() function is used to open a DICOM Association and receives a DICOM Application Context Name containing illegal characters, it might result in an unhandled exception.

Key dates

02 Disclosure timeline

May 3, 2024 CVE published
August 1, 2024 Record updated