CVE Vulnerabilities

CVE-2024-28130

Incorrect Type Conversion or Cast

Published: Apr 23, 2024 | Modified: Jun 27, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Weakness

The product does not correctly convert an object, resource, or structure from one type to a different type.

Affected Software

Name Vendor Start Version End Version
Dcmtk Offis 3.6.8 (including) 3.6.8 (including)
Dcmtk Ubuntu esm-apps/focal *
Dcmtk Ubuntu esm-apps/jammy *
Dcmtk Ubuntu focal *
Dcmtk Ubuntu jammy *

References