CVE-2025-53619 HIGH

Vendor Grassroot Dicom
Product Grassroot DICOM
Weakness CWE-119
Published December 16, 2025
Last update December 17, 2025

CVSS base score

7.4/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. The function `null_convert` is called based on the value in the malicious DICOM file that specifies the intended interpretation of the image pixel data.

Key dates

02 Disclosure timeline

December 16, 2025 CVE published
December 17, 2025 Record updated