CVE-2024-42845

HIGH

InVesalius <3.1.99998 - Code Injection

Title source: llm

Description

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.

Exploits (2)

nomisec WORKING POC 3 stars

by partywavesec · poc

https://github.com/partywavesec/invesalius3_vulnerabilities

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by theexploiters · poc

https://github.com/theexploiters/CVE-2024-42845-Exploit

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/invesalius/invesalius3

[Various Sources] https://github.com/invesalius/invesalius3/releases

[Various Sources] https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845

[Various Sources] https://www.partywave.site/show/research/tic-tac-beware-of-your-scan

Scores

CVSS v3 8.0

EPSS 0.7107

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Published Aug 23, 2024

Tracked Since Feb 18, 2026