{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T13:05:34.628","vulnerabilities":[{"cve":{"id":"CVE-2024-24794","sourceIdentifier":"talos-cna@cisco.com","published":"2024-02-20T11:15:08.343","lastModified":"2025-11-04T19:16:58.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image.The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Represenations."},{"lang":"es","value":"Existe una vulnerabilidad de uuse-after-free en DICOM Element Parsing implementado en Imaging Data Commons libdicom 1.0.5. Un archivo DICOM especialmente manipulado puede provocar la liberación prematura de memoria que se utilizará más adelante. Para desencadenar esta vulnerabilidad, un atacante necesitaría inducir a la aplicación vulnerable a procesar una imagen DICOM maliciosa. El Use-After-Free ocurre en `parse_meta_sequence_end()` analizando las representaciones de valores de secuencia."}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nih:libdicom:1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"3CB47B53-5857-4971-ABF8-A3DA8CB79BC2"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1931","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}