Grassroots DICOM Vulnerability - Denial-of-Service Risk
Basically, a flaw in Grassroots DICOM can crash systems by using bad files.
A critical vulnerability in Grassroots DICOM (GDCM) could lead to denial-of-service attacks. Healthcare systems using this software are at risk. Immediate action is recommended to mitigate potential exploitation.
The Flaw
A serious vulnerability has been identified in the Grassroots DICOM (GDCM) library, specifically version 3.2.2. This flaw, tracked as CVE-2026-3650, allows attackers to exploit a memory leak when parsing malformed DICOM files. When these specially crafted files are processed, they can lead to excessive memory usage, ultimately resulting in a denial-of-service (DoS) condition. This means that systems relying on GDCM could become unresponsive or crash entirely.
The vulnerability arises from the handling of non-standard value representation (VR) types within the file meta information. Attackers can craft a malicious file that fills the heap memory in a single read operation without properly releasing it. This can cause significant resource depletion, impacting the availability of critical healthcare services that depend on this software.
What's at Risk
The affected software is widely used in the healthcare sector, making this vulnerability particularly concerning. Systems that utilize Grassroots DICOM for medical imaging and data management could be compromised, affecting patient care and operational efficiency. The potential for exploitation is high, given that the vulnerability allows for a straightforward attack vector through malformed files.
As of now, there have been no reports of public exploitation targeting this specific vulnerability. However, the risk remains significant, especially in environments where GDCM is deployed. Organizations must be vigilant in monitoring their systems for unusual activity that could indicate an attempted exploit.
Patch Status
Currently, the maintainer of Grassroots DICOM has not responded to requests from the Cybersecurity and Infrastructure Security Agency (CISA) to mitigate this vulnerability. Users are advised to check for updates on the software page on SourceForge, as no official patch has been released yet. The CVSS score for this vulnerability is 7.5, indicating a high severity level, which underscores the urgency for organizations to address this issue.
Organizations should perform a thorough impact analysis to understand how this vulnerability could affect their operations and take necessary precautions until a fix is available.
Immediate Actions
To minimize the risk of exploitation, CISA recommends several defensive measures:
- Limit network exposure for all control system devices, ensuring they are not accessible from the internet.
- Place control system networks and remote devices behind firewalls, isolating them from business networks.
- If remote access is necessary, utilize secure methods such as Virtual Private Networks (VPNs), while recognizing that VPNs should be kept up-to-date.
Additionally, organizations should implement cybersecurity strategies proactively. This includes educating staff about social engineering attacks and ensuring that they do not click on links or open attachments from unsolicited emails. Regular training can help mitigate risks associated with human error, which is often a significant factor in cybersecurity incidents.
CISA Advisories