CVE-2024-27628

8.1 HIGH

📋 TL;DR

A buffer overflow vulnerability in DCMTK v3.6.8 allows attackers to execute arbitrary code via the EctEnhancedCT component. This affects systems running vulnerable versions of DCMTK, particularly those processing medical imaging data; an attacker could potentially gain control of affected systems.

💻 Affected Systems

Products:
  • DCMTK (DICOM Toolkit)
Versions: v3.6.8 (the version named in the CVE)
Operating Systems: All platforms running DCMTK
Default Config Vulnerable: ⚠️ Yes
Notes: Systems using DCMTK for medical imaging processing are particularly vulnerable when handling untrusted DICOM files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Service disruption, denial of service, or limited code execution depending on exploit constraints.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege principles are implemented.

🌐 Internet-Facing: HIGH - If DCMTK services are exposed to untrusted networks, attackers can exploit this remotely.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Buffer overflow vulnerabilities typically require some expertise to exploit reliably, but public details may lower the barrier.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest DCMTK releases after v3.6.8

Vendor Advisory: https://support.dcmtk.org/redmine/issues/1108

Restart Required: Yes

Instructions:

1. Check the current DCMTK version.
2. Update to the latest patched version from the official DCMTK repository.
3. Restart affected services.
4. Verify the fix.

🔧 Temporary Workarounds

Disable vulnerable component (Platform: all)

Disable or restrict access to EctEnhancedCT functionality if it is not required. Configuration dependent: modify the DCMTK configuration to disable the affected module.

Network segmentation (Platform: linux)

Isolate DCMTK services from untrusted networks. Note that a firewalld rule added with --permanent only takes effect after a reload:

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port port="104" protocol="tcp" reject'
firewall-cmd --reload
ufw deny 104/tcp

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for DICOM files
  • Deploy application-level firewalls or WAFs to filter malicious traffic

🔍 How to Verify

Check if Vulnerable:

Check the DCMTK version with dcmtk-config --version, or examine the installed packages.

Check Version:

dcmtk-config --version 2>/dev/null || rpm -qa | grep -i dcmtk || dpkg -l | grep -i dcmtk

Verify Fix Applied:

Confirm the updated version is installed and test the service with known-good DICOM files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from DCMTK services
  • Memory access violations in system logs
  • Abnormal network connections from DCMTK processes

Network Indicators:

  • Unusual DICOM traffic patterns
  • Exploit attempts on DICOM ports (typically 104)

SIEM Query:

source="dcmtk.log" AND (event_type="buffer_overflow" OR event_type="segmentation_fault")
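Detection logic for the "memory access violations in system logs" indicator above, as an added example that is not part of this advisory: it parses Linux kernel segfault lines from syslog and keeps only faults raised by DCMTK network tools, then flags a process that crashes repeatedly (a forking listener such as storescp faulting on association after association is a stronger signal than a single crash). The watch-list of process names and the sample log lines are constructed for illustration.

```python
import re

# Matches the Linux kernel's unhandled-signal log line:
# "name[pid]: segfault at ADDR ip ... sp ... error N in OBJ[base+size]".
SEGFAULT_RE = re.compile(
    r"(?P<proc>[\w.+-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>[^\[\s]+)\[[^\]]*\])?"
)

# Watch-list of DCMTK network tools that parse DICOM from remote peers (assumed;
# extend it to the binaries your site actually runs).
DCMTK_PROCS = {"storescp", "dcmqrscp", "dcmrecv", "movescu", "findscu"}

def parse_segfault(line):
    """Return the fields of a kernel segfault line, or None for any other line."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"], rec["err"] = int(rec["pid"]), int(rec["err"])
    return rec

def find_dcmtk_crashes(lines, procs=DCMTK_PROCS):
    """Keep only faults raised by processes on the watch-list."""
    return [r for r in map(parse_segfault, lines) if r and r["proc"] in procs]

def crash_burst(hits, threshold=3):
    """Processes with >= threshold faults: repeated crashes of one listener
    point at malformed input rather than a one-off bug."""
    counts = {}
    for h in hits:
        counts[h["proc"]] = counts.get(h["proc"], 0) + 1
    return {p: n for p, n in counts.items() if n >= threshold}

# Constructed sample syslog lines, not captured from a real incident.
SAMPLE_LOG = [
    "Mar 10 12:00:01 pacs kernel: storescp[4120]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd1c0e8a40 error 4 in libdcmect.so[7f3a1c1f0000+2a0000]",
    "Mar 10 12:00:02 pacs kernel: storescp[4131]: segfault at 7f3a00000000 ip 00007f3a1c2b4e10 sp 00007ffd1c0e8a40 error 4 in libdcmect.so[7f3a1c1f0000+2a0000]",
    "Mar 10 12:00:03 pacs kernel: storescp[4142]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd1c0e8a40 error 6 in libdcmect.so[7f3a1c1f0000+2a0000]",
    "Mar 10 12:00:05 pacs kernel: firefox[2201]: segfault at 8 ip 000055d0c4a1b2f0 sp 00007ffe2c3d4e50 error 4 in firefox[55d0c4800000+600000]",
    "Mar 10 12:00:06 pacs sshd[900]: Accepted publickey for ops from 10.0.0.5 port 51234",
]

if __name__ == "__main__":
    hits = find_dcmtk_crashes(SAMPLE_LOG)
    for h in hits:
        print(f"{h['proc']}[{h['pid']}] fault at 0x{h['addr']} error {h['err']} in {h['obj']}")
    print("burst:", crash_burst(hits))
```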
