Severity by source
CVSS 4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
Description (CVE.org)
A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.
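The pattern the description points at can be shown on a toy parser. The following is an added example, not GDCM's code and not the function the advisory concerns: it parses explicit-VR little-endian elements of the DICOM File Meta Information (group 0002) that follow the 128-byte preamble and the "DICM" magic, once in the weak form the description implies and once hardened. A non-standard VR has no defined length encoding, so a parser that lets an unknown VR fall into the 32-bit-length branch hands the attacker control of the allocation size; if the truncation check then returns early without freeing, each malformed element leaks whatever was allocated (CWE-401). The hardened variant rejects unknown VRs before allocating, bounds the length against both the remaining input and a cap, and releases memory on every error path. Function names (`parse_file_meta`, `build_sample`, `run_scenario`), the 64 KiB cap and the constructed sample file with its 4 MiB bogus length are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for one group-0002 value (group 0002 holds UIDs, a version word
 * and application names); not a GDCM constant. */
#define MAX_META_VALUE_LEN 65536u
/* Length the constructed malformed element claims (4 MiB). A real crafted file
 * would use a 32-bit length near 0xFFFFFFFF to request about 4 GiB at once. */
#define BOGUS_VALUE_LEN 0x00400000u

/* Allocation bookkeeping so the leak is measurable. */
static size_t g_outstanding;   /* bytes allocated and not yet released */
static void *tracked_alloc(size_t n) { void *p = malloc(n ? n : 1); if (p) g_outstanding += n; return p; }
static void tracked_free(void *p, size_t n) { free(p); g_outstanding -= n; }
size_t outstanding_bytes(void) { return g_outstanding; }

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static int vr_in(const char *vr, const char *const *list, size_t n) {
    for (size_t i = 0; i < n; i++) if (memcmp(vr, list[i], 2) == 0) return 1;
    return 0;
}
/* The 34 VRs defined in DICOM PS3.5; anything else is non-standard. */
static int is_known_vr(const char *vr) {
    static const char *const known[] = {"AE","AS","AT","CS","DA","DS","DT","FL","FD","IS","LO","LT",
        "OB","OD","OF","OL","OV","OW","PN","SH","SL","SQ","SS","ST","SV","TM","UC","UI","UL","UN",
        "UR","US","UT","UV"};
    return vr_in(vr, known, sizeof known / sizeof known[0]);
}
/* VRs whose explicit-VR encoding is: 2 reserved bytes, then a 32-bit length. */
static int is_long_vr(const char *vr) {
    static const char *const longvr[] = {"OB","OD","OF","OL","OV","OW","SQ","SV","UC","UN","UR","UT","UV"};
    return vr_in(vr, longvr, sizeof longvr / sizeof longvr[0]);
}

/* Parse group-0002 elements. Returns the element count, or -1 on a malformed file.
 * hardened == 0 reproduces the weak pattern: an unknown VR takes the 32-bit-length
 * path, the value buffer is sized from that untrusted length before the remaining
 * input is checked, and the early return on truncation never frees it. */
long parse_file_meta(const uint8_t *buf, size_t len, int hardened) {
    if (len < 132 || memcmp(buf + 128, "DICM", 4) != 0) return -1;
    size_t pos = 132;
    long count = 0;
    while (pos + 8 <= len) {
        if (rd16(buf + pos) != 0x0002) break;              /* end of file meta information */
        const char *vr = (const char *)(buf + pos + 4);
        int known = is_known_vr(vr);
        if (hardened && !known) return -1;                 /* reject non-standard VR before any allocation */
        size_t hdr; uint32_t vlen;
        if (is_long_vr(vr) || !known) {                    /* weak path: unknown VR treated as long form */
            if (pos + 12 > len) return -1;
            vlen = rd32(buf + pos + 8); hdr = 12;
        } else {
            vlen = rd16(buf + pos + 6); hdr = 8;
        }
        if (hardened && (vlen > MAX_META_VALUE_LEN || vlen > len - pos - hdr)) return -1;
        uint8_t *value = tracked_alloc(vlen);
        if (!value) return -1;
        if (vlen > len - pos - hdr) {                      /* value runs past the end of the input */
            if (hardened) tracked_free(value, vlen);       /* the weak parser leaks here */
            return -1;
        }
        memcpy(value, buf + pos + hdr, vlen);
        tracked_free(value, vlen);                         /* a real parser keeps it in the dataset */
        pos += hdr + vlen;
        count++;
    }
    return count;
}

/* Constructed sample input (not a real file): preamble, "DICM", a well-formed
 * (0002,0010) Transfer Syntax UID element and, if malformed != 0, an element with
 * the non-standard VR "ZZ" that claims a 4 MiB value the file does not carry. */
size_t build_sample(uint8_t *out, size_t cap, int malformed) {
    static const char ts_uid[20] = "1.2.840.10008.1.2.1";  /* 19 chars + NUL pad to even length */
    const uint8_t ts_hdr[8] = {0x02,0x00,0x10,0x00,'U','I',20,0x00};
    const uint8_t bad[12] = {0x02,0x00,0x02,0x00,'Z','Z',0x00,0x00, (uint8_t)BOGUS_VALUE_LEN,
        (uint8_t)(BOGUS_VALUE_LEN >> 8), (uint8_t)(BOGUS_VALUE_LEN >> 16), (uint8_t)(BOGUS_VALUE_LEN >> 24)};
    if (cap < 172) return 0;
    memset(out, 0, 128);
    memcpy(out + 128, "DICM", 4);
    memcpy(out + 132, ts_hdr, 8);
    memcpy(out + 140, ts_uid, 20);
    if (!malformed) return 160;
    memcpy(out + 160, bad, 12);
    return 172;
}

/* Run one scenario; the return value is the parser result and outstanding_bytes()
 * afterwards reports what was leaked. */
long run_scenario(int malformed, int hardened) {
    uint8_t file[256];
    size_t n = build_sample(file, sizeof file, malformed);
    g_outstanding = 0;
    return parse_file_meta(file, n, hardened);
}

int main(void) {
    long r;
    r = run_scenario(0, 0); printf("well-formed, weak parser:     result=%ld leaked=%zu\n", r, outstanding_bytes());
    r = run_scenario(1, 1); printf("malformed,   hardened parser: result=%ld leaked=%zu\n", r, outstanding_bytes());
    r = run_scenario(1, 0); printf("malformed,   weak parser:     result=%ld leaked=%zu\n", r, outstanding_bytes());
    return 0;
}
```

The weak parser reports the malformed file as an error just like the hardened one; the difference is only visible in the heap, which is why a leak of this kind survives functional testing and shows up as memory growth on a PACS server that processes many files. Raising `BOGUS_VALUE_LEN` toward 0xFFFFFFFF turns the per-file leak into the single-read heap fill the description mentions.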
Analysis (AI)
Malformed DICOM files with non-standard VR types trigger uncontrolled memory allocation in Grassroots DICOM (GDCM) library, enabling remote denial-of-service attacks without authentication. CISA ICS-CERT issued an ICSMA advisory (26-083-01) highlighting impacts to medical imaging systems that rely on GDCM for DICOM parsing. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | A remote attacker sends a malformed DICOM file with non-standard VR types in the file meta information to any application that parses it with the Grassroots DICOM (GDCM) library. … |
| Risk Assessment | The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network-reachable exploitation of low complexity that needs no privileges and no user interaction, with no confidentiality or integrity impact and high availability impact. … |
| Exploit Scenario | An attacker crafts a DICOM file whose file meta information header carries an invalid VR and delivers it to a medical imaging system over a DICOM network transfer (C-STORE), as an email attachment to radiology staff, or on infected removable media. When GDCM parses the file it allocates excessive heap memory that is never released, exhausting system resources until the PACS server or imaging workstation becomes unresponsive, disrupting clinical workflows and potentially delaying patient care. |
| Remediation | Organizations using the Grassroots DICOM library should watch the project repository at https://sourceforge.net/projects/gdcm/ and the CISA advisory at https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01 for patch availability and upgrade guidance. … |
Recommended Action (AI)
Within 24 hours: Inventory all medical imaging systems and applications using GDCM library; document affected versions and deployment scope. …
Same weakness: CWE-401 (Missing Release of Memory after Effective Lifetime, i.e. memory leak)
Same technique: Information Disclosure
Vendor Status
SUSE: Severity High
EUVD-2026-16450