CVE-2024-23914

MEDIUM

Merge DICOM Toolkit - Buffer Overflow

Title source: llm

Description

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.

References (1)

Core 1

Core References

Various Sources

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23914

Scores

CVSS v3 5.7

EPSS 0.0026

EPSS Percentile 17.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-134

Status published

Products (1)

Merative/Merge DICOM Toolkit C/C++ v5.6.0 - v5.17.0

Published May 03, 2024

Tracked Since Feb 18, 2026