CVE-2024-42845

HIGH

InVesalius <3.1.99998 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-42845. PoCs published by partywavesec, theexploiters.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2024-42845, which leverages an unsafe `eval()` call in Invesalius3's DICOM file parsing to achieve remote code execution. The exploit crafts a malicious DICOM file with embedded Python payloads executed via the vulnerable `GetImagePosition` function.

Description

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.

Exploits (2)

nomisec WORKING POC 3 stars

by partywavesec · poc

https://github.com/partywavesec/invesalius3_vulnerabilities

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-42845, which leverages an unsafe `eval()` call in Invesalius3's DICOM file parsing to achieve remote code execution. The exploit crafts a malicious DICOM file with embedded Python payloads executed via the vulnerable `GetImagePosition` function.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invesalius3 versions 3.1.99991 to 3.1.99998

No auth needed

Prerequisites: Valid DICOM file to modify · Victim must import the crafted DICOM file

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by theexploiters · poc

https://github.com/theexploiters/CVE-2024-42845-Exploit

View Code ZIP pw:eip

The repository contains a functional Python script that crafts a malicious DICOM file to exploit CVE-2024-42845, a Remote Code Execution (RCE) vulnerability in Invesalius 3.1. The exploit manipulates DICOM metadata to inject and execute arbitrary Python code upon file import.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Invesalius 3.1.99991 to 3.1.99998

No auth needed

Prerequisites: A valid DICOM file for modification · Victim interaction to import the crafted DICOM file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources

https://github.com/invesalius/invesalius3

Various Sources

https://github.com/invesalius/invesalius3/releases

Various Sources

https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845

View Writeup ZIP pw:eip

Various Sources

https://www.partywave.site/show/research/tic-tac-beware-of-your-scan

Scores

CVSS v3 8.0

EPSS 0.7107

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Published Aug 23, 2024

Tracked Since Feb 18, 2026