CVE-2024-34509

5.3 MEDIUM

📋 TL;DR

CVE-2024-34509 is a segmentation fault vulnerability in the dcmdata component of DCMTK, a medical imaging toolkit. It allows denial-of-service attacks via specially crafted, invalid DIMSE messages. Systems running DCMTK for medical image processing and communication are affected.

💻 Affected Systems

Products:
  • DCMTK (DICOM Toolkit)
Versions: All versions before 3.6.9
Operating Systems: Linux, Windows, macOS, Unix variants
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using DCMTK for DICOM medical image processing and communication.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of medical imaging systems, potentially affecting patient care workflows and diagnostic capabilities.

🟠 Likely Case: Application crash requiring manual restart, causing temporary service interruption in medical imaging workflows.

🟢 If Mitigated: Minimal impact with proper network segmentation and input validation in place.

🌐 Internet-Facing: MEDIUM - Exploitable via network messages but requires specific medical imaging protocols.
🏢 Internal Only: MEDIUM - Internal medical imaging networks could be targeted by malicious actors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed DIMSE messages over the network to vulnerable DCMTK instances.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.9 and later

Vendor Advisory: https://support.dcmtk.org/redmine/issues/1114

Restart Required: Yes

Instructions:

1. Download DCMTK 3.6.9 or later from official repository.
2. Compile and install following build instructions.
3. Restart all DCMTK-dependent services.

🔧 Temporary Workarounds

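Network Segmentation (Linux)

Restrict DICOM/DIMSE traffic to trusted medical imaging networks only.

# trusted_network is a placeholder: substitute the source address or CIDR range of the trusted imaging network.
iptables -A INPUT -p tcp --dport 104 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 104 -j DROP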

Input Validation Proxy (all platforms)

Deploy a proxy that validates DIMSE messages before forwarding to DCMTK.

🧯 If You Can't Patch

  • Implement strict network access controls to limit DIMSE traffic to authorized sources only.
  • Monitor for application crashes and implement automated restart mechanisms for critical services.

🔍 How to Verify

Check if Vulnerable:

Check the DCMTK version (all versions before 3.6.9 are affected): dcmdump --version | grep -i 'dcmtk'

Check Version:

dcmdump --version

Verify Fix Applied:

Verify version is 3.6.9 or later and test with valid DICOM communication.
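
The version check above can be scripted across hosts. The following is an added example, not part of the original advisory or the DCMTK project: it assumes the first banner line has the form "$dcmtk: dcmdump v<X.Y.Z> <date> $", and the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a DCMTK version banner against the fixed release 3.6.9.
FIXED="3.6.9"

# Print the first X.Y.Z token that follows " v" in the banner text.
# Assumption: banner looks like "$dcmtk: dcmdump v3.6.7 2022-04-22 $".
dcmtk_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed if version $1 is lower than version $2 (numeric, field by field,
# so 3.6.10 is correctly treated as newer than 3.6.9).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into $1..$3 and $4..$6
    IFS=$old_ifs
    if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
    else [ "$3" -lt "$6" ]
    fi
}

# Print "vulnerable X.Y.Z", "fixed X.Y.Z" or "unknown" for a banner string.
dcmtk_status() {
    ver=$(dcmtk_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED"; then
        echo "vulnerable $ver"
    else
        echo "fixed $ver"
    fi
}

# Constructed sample banners (not captured from a real host).
for banner in '$dcmtk: dcmdump v3.6.7 2022-04-22 $' \
              '$dcmtk: dcmdump v3.6.9 2024-12-10 $'; do
    dcmtk_status "$banner"
done

# On a host with DCMTK installed, classify the tool's own banner.
if command -v dcmdump >/dev/null 2>&1; then
    dcmtk_status "$(dcmdump --version 2>&1 | head -n 1)"
fi
```

An "unknown" result means the banner did not match the assumed format and the host should be checked by hand rather than treated as patched.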

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in DCMTK logs
  • Unexpected application termination
  • Core dumps from dcmtk processes

Network Indicators:

  • Malformed DIMSE messages on port 104/tcp
  • Unusual DICOM communication patterns

SIEM Query:

source="dcmtk.log" AND ("segmentation fault" OR "SIGSEGV" OR "core dumped")
