ICSMA-25-345-01  ·  Published 2025-12-11

Grassroots DICOM (GDCM)

CVSS 6.6 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file that, if opened, could crash the application, resulting in a denial-of-service condition.

CVEs (1)

Remediations

  • The maintainer of the software recommends users update Grassroots DICOM (GDCM) to v3.2.2 or later from the main GitHub repository.
  • SimpleITK and medInria have both released fixes for the vulnerability.

Affected Vendors

Grassroots

Affected Products (3)

Grassroots · Grassroots DICOM (GDCM) <=3.0.24
Grassroots · SimpleITK <=2.5.2
Grassroots · medInria <=4.0

Affected Sectors

Healthcare and Public Health
