CVE-2025-11266

6.6 MEDIUM

📋 TL;DR

An out-of-bounds write in the Grassroots DICOM library (GDCM), reached while parsing encapsulated PixelData fragments, lets an attacker crash any application that uses GDCM to open a crafted DICOM file (denial of service). Any system that parses DICOM files with GDCM is affected; the trigger is simply opening the malicious file.

💻 Affected Systems

Products:
  • Grassroots DICOM library (GDCM)
Versions: all releases before v3.2.2 (fixed in v3.2.2)
Operating Systems: All platforms running GDCM
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses GDCM to parse untrusted DICOM files is exposed. The flaw is reached while reading encapsulated (fragmented) PixelData, the encoding used by compressed transfer syntaxes such as JPEG, JPEG 2000 and RLE.

⚠️ Manual Verification Required

The database entry behind automatic detection carries no machine-readable version range, so the automated check cannot tell whether your system is affected.

Why? The NVD/vendor data used by the scanner lists no affected version range. The vendor release v3.2.2 (linked under Fix & Mitigation) is the fix; until you have confirmed that your build is 3.2.2 or later, treat it as affected.


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Update to GDCM v3.2.2 or later, the fix version named in this advisory

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to denial of service for medical imaging systems, potentially disrupting healthcare workflows and patient care.

🟠 Likely Case

The application crashes while processing the malicious DICOM file, causing a service disruption until it is restarted; a worker that is fed the same file again crashes again, so automatic retries can keep it down.

🟢 If Mitigated

Limited impact where GDCM has been updated to v3.2.2, or where untrusted DICOM input is validated before parsing and parsed in an isolated, automatically restarted process.

🌐 Internet-Facing: MEDIUM - Medical imaging systems with internet-accessible DICOM interfaces could be targeted.
🏢 Internal Only: MEDIUM - Internal medical imaging systems processing untrusted DICOM files remain vulnerable.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only that a crafted file be uploaded or opened; no authentication is needed. The trigger is simple, and only a crash (DoS) has been demonstrated, which is what the rating reflects. The underlying bug is still an out-of-bounds write, a memory-safety defect, so treat unpatched parsers of untrusted files as exposed rather than relying on the DoS-only assessment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.2.2

Vendor Advisory: https://github.com/malaterre/GDCM/releases/tag/v3.2.2

Restart Required: Yes

Instructions:

1. Download GDCM v3.2.2 from the GitHub release linked above (or take the patched package from your distribution once one is available).
2. Replace the existing GDCM installation (shared libraries and headers).
3. Rebuild and redeploy any application that links GDCM statically or ships its own vendored copy; a shared-library update alone does not reach those.
4. Restart affected services so they load the patched library.

🔧 Temporary Workarounds

Input validation for DICOM files (all platforms)

Implement strict validation of DICOM files before processing, rejecting files with malformed PixelData fragments.
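A concrete form of that pre-filter, added here as an example and not GDCM's own code or anything shipped by the project: a small walker for Explicit VR Little Endian datasets that locates PixelData (7FE0,0010) and, when it has undefined length, checks that every fragment item has a defined, even length that fits inside the file and that the item stream ends with a sequence delimiter. Any inconsistency raises RejectFile, so the file never reaches the real parser. The names validate_dicom, RejectFile and build_sample, and the sample file build_sample produces, are constructed for this example; it does not decode the compressed pixel data, and it sits in front of patching rather than replacing it.

```python
"""Pre-filter for encapsulated DICOM PixelData (7FE0,0010) fragments. Added example,
not GDCM code. Assumes an Explicit VR Little Endian dataset and fails closed."""
import struct

PIXEL_DATA, UNDEFINED = (0x7FE0, 0x0010), 0xFFFFFFFF
ITEM, ITEM_DELIM, SEQ_DELIM = (0xFFFE, 0xE000), (0xFFFE, 0xE00D), (0xFFFE, 0xE0DD)
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"SQ", b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}

class RejectFile(ValueError):
    """Any structural inconsistency: the caller should drop the file."""

def need(buf, pos, n):
    if pos + n > len(buf):
        raise RejectFile("truncated at offset %d" % pos)

def header(buf, pos):
    """Parse one element header; returns (tag, length, offset of the value)."""
    need(buf, pos, 8)
    tag = struct.unpack_from("<HH", buf, pos)
    if tag in (ITEM, ITEM_DELIM, SEQ_DELIM):            # delimiters carry no VR
        return tag, struct.unpack_from("<I", buf, pos + 4)[0], pos + 8
    vr = buf[pos + 4:pos + 6]
    if not vr.isalpha():
        raise RejectFile("bad VR %r at offset %d" % (vr, pos))
    if vr in LONG_VRS:                                  # 2 reserved bytes + 4-byte length
        need(buf, pos, 12)
        return tag, struct.unpack_from("<I", buf, pos + 8)[0], pos + 12
    return tag, struct.unpack_from("<H", buf, pos + 6)[0], pos + 8

def check_fragments(buf, pos):
    """Validate undefined-length PixelData (offset table item, fragments, delimiter)."""
    items = 0
    while True:
        tag, length, vpos = header(buf, pos)
        if tag == SEQ_DELIM:
            if length != 0 or items < 2:
                raise RejectFile("bad delimiter or no fragments in PixelData")
            return vpos, items - 1                      # first item was the Basic Offset Table
        if tag != ITEM or length == UNDEFINED or length % 2:
            raise RejectFile("bad fragment item at offset %d" % pos)
        if vpos + length > len(buf):                    # declared length must fit the file
            raise RejectFile("fragment length %d overruns file" % length)
        items += 1
        pos = vpos + length

def walk_dataset(buf, pos, end):
    """Walk elements in [pos, end); returns (offset reached, fragment count or None)."""
    found = None
    while pos < end:
        tag, length, vpos = header(buf, pos)
        if tag == ITEM_DELIM:                           # closes an undefined-length item
            return vpos, found
        if tag in (ITEM, SEQ_DELIM):
            raise RejectFile("stray delimiter at offset %d" % pos)
        if length == UNDEFINED:
            if tag == PIXEL_DATA:
                pos, found = check_fragments(buf, vpos)
            else:
                pos = walk_sequence(buf, vpos)          # undefined-length SQ (or UN)
            continue
        if vpos + length > end:
            raise RejectFile("element %04X,%04X overruns its container" % tag)
        pos = vpos + length
    return pos, found

def walk_sequence(buf, pos):
    """Walk items of an undefined-length sequence; returns offset after its delimiter."""
    while True:
        tag, length, vpos = header(buf, pos)
        if tag == SEQ_DELIM:
            return vpos
        if tag != ITEM:
            raise RejectFile("expected item at offset %d" % pos)
        if length == UNDEFINED:
            pos, _ = walk_dataset(buf, vpos, len(buf))  # ends at the item delimiter
        else:
            need(buf, vpos, length)
            walk_dataset(buf, vpos, vpos + length)
            pos = vpos + length

def validate_dicom(buf):
    """Return the fragment count (0 if pixel data is native or absent) or raise RejectFile."""
    if len(buf) < 132 or buf[128:132] != b"DICM":
        raise RejectFile("not a DICOM Part 10 file")
    return walk_dataset(buf, 132, len(buf))[1] or 0

def encode_element(group, elem, vr, value):
    """Encode one Explicit VR LE element (helper for the constructed sample only)."""
    if vr in LONG_VRS:
        return struct.pack("<HH2sHI", group, elem, vr, 0, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value

def build_sample(sizes, declared_last=None):
    """Constructed Part 10 file: JPEG syntax, one undefined-length SQ, encapsulated PixelData."""
    out = b"\x00" * 128 + b"DICM" + encode_element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.4.50")
    out += struct.pack("<HH2sHI", 0x0008, 0x1140, b"SQ", 0, UNDEFINED) + struct.pack("<HHI", *ITEM, UNDEFINED)
    out += encode_element(0x0008, 0x1150, b"UI", b"1.2.3\x00") + struct.pack("<HHI", *ITEM_DELIM, 0)
    out += struct.pack("<HHI", *SEQ_DELIM, 0) + encode_element(0x0010, 0x0010, b"PN", b"DOE^JANE")
    out += struct.pack("<HH2sHI", *PIXEL_DATA, b"OB", 0, UNDEFINED) + struct.pack("<HHI", *ITEM, 0)
    for i, n in enumerate(sizes):                       # declared_last forges the final length field
        declared = n if declared_last is None or i < len(sizes) - 1 else declared_last
        out += struct.pack("<HHI", *ITEM, declared) + b"\xAB" * n
    return out + struct.pack("<HHI", *SEQ_DELIM, 0)
```

Use it as a gate in the ingest path: read the file bytes, call validate_dicom, and quarantine on RejectFile. It only understands Explicit VR Little Endian, which is what every encapsulated transfer syntax uses; an Implicit VR file fails the VR check and is rejected, so relax that if your pipeline must also accept uncompressed implicit-VR input.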

Sandbox DICOM processing (all platforms)

Isolate DICOM file processing in containerized or sandboxed environments to limit the impact of crashes.

🧯 If You Can't Patch

  • Implement network segmentation to isolate medical imaging systems
  • Deploy file integrity monitoring on DICOM processing systems

🔍 How to Verify

Check if Vulnerable:

Check the GDCM version with one of its command-line tools, for example gdcminfo --version (the tools are named gdcminfo, gdcmdump, gdcmconv and so on; there is no plain gdcm binary), through the Python bindings (gdcm.Version.GetVersion()), or through your package manager. Versions before 3.2.2 are vulnerable.

Check Version:

gdcminfo --version 2>/dev/null || python3 -c 'import gdcm; print(gdcm.Version.GetVersion())' 2>/dev/null || dpkg -l 'libgdcm*' 2>/dev/null || rpm -q gdcm

Verify Fix Applied:

Confirm that the reported version is 3.2.2 or later (a distribution package may backport the fix under an older version number; check its changelog), then exercise the rebuilt applications with known-good DICOM files to confirm they still parse correctly.
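The same check as a script, added here as an example rather than GDCM's own tooling: it extracts a version from whatever text you have (a tool banner, a git tag, a shared-library path) and compares it numerically, which avoids the string-compare mistake of reading 3.0.24 as newer than 3.2.2. The banner strings in SAMPLES are constructed; the probe of gdcminfo --version and gdcm.Version.GetVersion() is an assumption about those interfaces and runs only when they are present.

```python
"""Version check for GDCM against the fixed release (3.2.2). Added example, not GDCM
tooling. Banner wording and the gdcminfo / gdcm.Version.GetVersion() probes are assumed."""
import re
import shutil
import subprocess

FIXED = (3, 2, 2)                                   # patch version from the advisory
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")
SONAME_RE = re.compile(r"libgdcm\w*\.so\.(\d+)\.(\d+)\b")   # e.g. libgdcmCommon.so.3.0

def parse_version(text):
    """First x.y.z in text as an int tuple, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(x) for x in m.groups()) if m else None

def classify(text):
    """'fixed', 'vulnerable' or 'unknown' for a banner, tag, path or library file name.
    Tuples compare numerically, so 3.0.24 < 3.2.2 < 3.10.0 (a string compare gets this wrong)."""
    version = parse_version(text)
    if version is not None:
        return "fixed" if version >= FIXED else "vulnerable"
    m = SONAME_RE.search(text or "")
    if m and tuple(int(x) for x in m.groups()) < FIXED[:2]:
        return "vulnerable"                         # major.minor alone is already too old
    return "unknown"                                # 3.2 could be 3.2.0, 3.2.1 or 3.2.2

def installed_version_text():
    """Best-effort probe of this machine; None if no GDCM tool or binding is found."""
    tool = shutil.which("gdcminfo") or shutil.which("gdcmdump")
    if tool:
        out = subprocess.run([tool, "--version"], capture_output=True, text=True)
        return out.stdout + out.stderr
    try:
        import gdcm                                 # python-gdcm bindings, if installed
        return gdcm.Version.GetVersion()
    except ImportError:
        return None

# Constructed strings standing in for tool output, tags and library paths.
SAMPLES = [
    "gdcminfo: gdcm 3.0.24",
    "gdcm 3.2.2",
    "v3.10.0",
    "/usr/lib/x86_64-linux-gnu/libgdcmCommon.so.3.0",
    "libgdcmDSED.so.3.2",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print("%-48s %s" % (text, classify(text)))
    local = installed_version_text()
    print("this host:", "GDCM not found" if local is None else classify(local))
```

A library file name carries only major.minor, so a 3.2 soname is reported as unknown: 3.2.0 and 3.2.1 are still vulnerable, and only a full version string or the package changelog settles it.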

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • Unexpected process termination of DICOM processing applications
  • Core dump files in application directories

Network Indicators:

  • Unusual DICOM file transfers from untrusted sources
  • Multiple failed DICOM parsing attempts

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "SIGSEGV") AND (process="*gdcm*" OR process="*dicom*")

Keep the process filter parenthesised: an unparenthesised trailing OR matches every event that mentions dicom, crash or not.
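The indicators above as runnable detection logic, added here as an example and not part of GDCM or any SIEM product: it parses Linux kernel segfault lines and systemd-coredump lines (the wording of both is assumed from typical syslog output), keeps only crashes whose process name or faulting library mentions gdcm or dicom, collapses the kernel and coredump records of one PID into a single crash, and raises an alert when a host shows several such crashes inside a short window. The lines in SAMPLE_LOG are constructed.

```python
"""Crash-burst detection for GDCM/DICOM parsers over syslog-style lines. Added example,
not part of GDCM or any SIEM; kernel segfault and systemd-coredump layouts are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one host parsing hostile files, plus unrelated noise.
SAMPLE_LOG = [
    "Nov 03 10:14:02 pacs01 kernel: gdcminfo[4121]: segfault at 7f2c0c3e0000 ip 00007f2c0ad1c4b2 sp 00007ffd1c0e3a90 error 6 in libgdcmDSED.so.3.0[7f2c0ac00000+1a0000]",
    "Nov 03 10:14:03 pacs01 systemd-coredump[4130]: Process 4121 (gdcminfo) of user 1001 dumped core.",
    "Nov 03 10:15:11 pacs01 kernel: dicom-ingest[4150]: segfault at 0 ip 00007f11a0c1c4b2 sp 00007ffe2b0e3a90 error 6 in libgdcmDSED.so.3.0[7f11a0b00000+1a0000]",
    "Nov 03 10:16:40 pacs01 kernel: dicom-ingest[4188]: segfault at 10 ip 00007f11a0c1c4b2 sp 00007ffe2b0e3a90 error 6 in libgdcmDSED.so.3.0[7f11a0b00000+1a0000]",
    "Nov 03 10:17:05 pacs01 systemd-coredump[4210]: Process 4201 (dicom-ingest) of user 1001 dumped core.",
    'Nov 03 10:20:00 pacs01 nginx[900]: 10.0.0.5 - - "POST /upload HTTP/1.1" 200 0',
    "Nov 03 11:40:00 ris02 kernel: chrome[2222]: segfault at 8 ip 00007f00deadbeef sp 00007ffc00000000 error 4 in libc.so.6[7f00dea00000+1c0000]",
]

TS = r"(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
KERNEL_RE = re.compile(TS + r"kernel: (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: segfault at \S+ ip \S+ sp \S+ error \d+ in (?P<lib>[^\[\s]+)")
COREDUMP_RE = re.compile(TS + r"systemd-coredump\[\d+\]: Process (?P<pid>\d+) \((?P<proc>[^)]+)\) of user \d+ dumped core")
DICOM_HINT = re.compile(r"gdcm|dicom", re.IGNORECASE)

def parse_crash(line):
    """Crash event dict for a kernel segfault or coredump line, else None."""
    for rx in (KERNEL_RE, COREDUMP_RE):
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev.setdefault("lib", "")                # coredump lines name no library
            # syslog timestamps carry no year; deltas within one year are still right
            ev["time"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
            return ev
    return None

def is_dicom_related(ev):
    """A crash matters if the process name or the faulting library mentions GDCM/DICOM."""
    return bool(DICOM_HINT.search(ev["proc"]) or DICOM_HINT.search(ev["lib"]))

def relevant_crashes(lines):
    """Related crashes in time order, one per (host, pid) even if logged twice."""
    seen = {}
    for line in lines:
        ev = parse_crash(line)
        if ev and is_dicom_related(ev):
            seen.setdefault((ev["host"], ev["pid"]), ev)
    return sorted(seen.values(), key=lambda e: e["time"])

def find_crash_bursts(lines, window=timedelta(minutes=10), threshold=3):
    """One alert per host whose related crashes reach `threshold` inside `window`."""
    by_host = defaultdict(list)
    for ev in relevant_crashes(lines):
        by_host[ev["host"]].append(ev)
    alerts = []
    for host, events in by_host.items():
        start, best = 0, None
        for end in range(len(events)):              # sliding window over sorted events
            while events[end]["time"] - events[start]["time"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {"host": host, "count": count,
                        "first": events[start]["ts"], "last": events[end]["ts"],
                        "processes": sorted({e["proc"] for e in events[start:end + 1]})}
        if best:
            alerts.append(best)
    return alerts

if __name__ == "__main__":
    for a in find_crash_bursts(SAMPLE_LOG):
        print("ALERT %(host)s: %(count)d DICOM parser crashes between %(first)s and %(last)s: %(processes)s" % a)
```

Feed it the kernel and systemd-coredump records from journald or syslog; the threshold and window are starting points to tune against your normal crash rate. A single crash of a DICOM parser on an unpatched host is already worth a ticket, which is why the per-PID list from relevant_crashes is returned separately from the burst alerts.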
