A new vulnerability has been discovered in DCMTK v3.6.9+ DEV, the widely used open-source collection of libraries and applications for handling DICOM (Digital Imaging and Communications in Medicine) format images. This security vulnerability, identified as CVE-2025-25474, is caused by a buffer overflow in the /dcmimgle/diinpxt.h component, which can be triggered by a malformed DICOM file. In this post, we will take a deep dive into the details of this vulnerability, discuss its implications, and explore how to patch your systems to protect against this issue.
Description and Exploit Details
A buffer overflow occurs when an application writes more data to a buffer (a temporary data storage area) than it can hold, causing the excess data to overwrite adjacent memory that the software relies on. In the case of CVE-2025-25474, the buffer overflow vulnerability originates from the '/dcmimgle/diinpxt.h' component. The component is responsible for processing pixel data of DICOM images, and the bug may allow an attacker to corrupt memory and potentially inject executable code.
To better understand the problem, let's take a look at the code snippet from the /dcmimgle/diinpxt.h file:
template<class T>
inline DiInputPixelTemplate<T>::DiInputPixelTemplate(const DiDocument *docu, const EI_Status status, const int bits)
  : Count()
{
    if ((Document = docu) != NULL)
    {
        if (status == EIS_Normal)
        {
            /* bits == 0 means: take the bit depth from the DICOM document itself */
            if (bits == 0)
                BitsPerSample = Document->getBits();
            else
                BitsPerSample = bits;
            /* buffer size is derived directly from the bit depth read from the file */
            MaxValue = new T[((size_t)1 << Document->getBits()) - 1];
            /* ... remainder of the constructor omitted in the original excerpt ... */
        }
    }
}
The problem lies in the last line of the code snippet, where the size of the MaxValue buffer is calculated. That size depends on the bit depth read from the input DICOM image file, so a malformed image carrying an incorrect 'bits' value leads to an incorrectly sized allocation for the MaxValue buffer. Consequently, an attacker can take advantage of this vulnerability, overflow the buffer, and potentially execute arbitrary code on the affected system.
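To make the failure mode concrete, here is an added illustration written for this post; it is not DCMTK code and does not reproduce the patched function. It puts the snippet's size arithmetic next to a checked variant that validates the pixel-description attributes before computing anything, and wraps the resulting table in a bounds-checked accessor. The names PixelHeader, tableEntriesUnchecked, lutSizeForHeader, PixelLut and the 16-bit limit kMaxSupportedBits are assumptions of the example; the consistency rules come from DICOM PS3.5 Section 8.1.1.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-in for the pixel-description attributes a DICOM loader
// reads from the file header (tag numbers in comments are the standard ones).
struct PixelHeader {
    uint16_t bitsAllocated;   // (0028,0100) Bits Allocated
    uint16_t bitsStored;      // (0028,0101) Bits Stored
    uint16_t highBit;         // (0028,0102) High Bit
};

// Assumption for this example: the loader supports sample depths of at most
// 16 bits, so a table indexed by sample value has at most 65536 entries.
static const unsigned kMaxSupportedBits = 16;

// The arithmetic as written in the snippet: the element count comes straight
// from the bit depth in the file. A depth of 64 or more is undefined
// behaviour with a 64-bit size_t, and depths between 17 and 63 request a
// table of gigabytes, so the allocation size is effectively file-controlled.
size_t tableEntriesUnchecked(unsigned bits) {
    return ((size_t)1 << bits) - 1;
}

// Hardened variant: validate the header before any size arithmetic.
// Returns 0 (allocate nothing) when the header is inconsistent or outside
// what this loader supports; otherwise returns 2^bitsStored, enough entries
// to index every sample value from 0 to 2^bitsStored - 1.
size_t lutSizeForHeader(const PixelHeader &h) {
    // DICOM PS3.5 8.1.1: Bits Allocated is 1 or a multiple of 8,
    // Bits Stored <= Bits Allocated, High Bit == Bits Stored - 1.
    if (h.bitsAllocated != 1 && h.bitsAllocated % 8 != 0) return 0;
    if (h.bitsStored == 0 || h.bitsStored > h.bitsAllocated) return 0;
    if (h.highBit != h.bitsStored - 1) return 0;
    if (h.bitsStored > kMaxSupportedBits) return 0;
    return (size_t)1 << h.bitsStored;
}

// Bounds-checked lookup table: a sample value outside the table is reported
// to the caller instead of reading or writing past the allocation.
class PixelLut {
public:
    explicit PixelLut(size_t entries) : table_(entries, 0u) {}
    size_t size() const { return table_.size(); }
    bool set(size_t sample, uint32_t value) {
        if (sample >= table_.size()) return false;
        table_[sample] = value;
        return true;
    }
    bool get(size_t sample, uint32_t &value) const {
        if (sample >= table_.size()) return false;
        value = table_[sample];
        return true;
    }
private:
    std::vector<uint32_t> table_;
};

int main() {
    // Constructed headers: a well-formed 12-in-16-bit image and two malformed ones.
    PixelHeader good = {16, 12, 11};
    PixelHeader tooDeep = {32, 32, 31};   // exceeds the supported depth
    PixelHeader badHigh = {16, 12, 15};   // High Bit inconsistent with Bits Stored

    std::printf("unchecked size for 32 bits: %zu entries\n", tableEntriesUnchecked(32));
    std::printf("checked size (good):    %zu\n", lutSizeForHeader(good));
    std::printf("checked size (tooDeep): %zu\n", lutSizeForHeader(tooDeep));
    std::printf("checked size (badHigh): %zu\n", lutSizeForHeader(badHigh));

    PixelLut lut(lutSizeForHeader(good));
    std::printf("in-range write: %d, out-of-range write: %d\n",
                (int)lut.set(4095, 1), (int)lut.set(4096, 1));
    return 0;
}
```

The point of the checked variant is that rejection happens before the shift and before any memory is requested: a file that fails the consistency rules never reaches the allocation at all, and a table that is allocated is only ever touched through an accessor that knows its own length.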
How to Patch
The DCMTK team has already been made aware of this issue and has released a patch in their repository. We recommend following the instructions mentioned below to apply the patch to your systems and eliminate the risk of exploitation from CVE-2025-25474:
1. Update your systems to the latest version of the DCMTK libraries and applications.
2. If using a packaged version of the DCMTK, please contact your respective package maintainer to obtain the patched version.
The following resources provide additional information on CVE-2025-25474:
1. DCMTK - GitHub repository
2. DICOM Standards - Information
3. CVE-2025-25474 - MITRE CVE Details
Conclusion
CVE-2025-25474 is a serious vulnerability that can lead to potential attacks on systems running DCMTK v3.6.9+ DEV. It is essential to patch the affected component in the DCMTK library and stay vigilant for any new security vulnerabilities that may be discovered. Stay updated by keeping track of DCMTK releases, subscribing to security bulletins, and always applying the latest security patches available for your systems.
Timeline
Published on: 02/18/2025 23:15:10 UTC
Last modified on: 02/20/2025 22:15:31 UTC