How the CVE Works
CVE-2025-2357 is a critical memory corruption vulnerability in DCMTK 3.6.9, specifically affecting the `dcmjpls` JPEG-LS decoder. The flaw occurs due to improper handling of crafted JPEG-LS images, leading to out-of-bounds memory access. Attackers can exploit this remotely by sending malicious DICOM files containing specially formatted JPEG-LS data. When processed, the decoder fails to validate input boundaries, corrupting heap memory and potentially allowing arbitrary code execution. The exploit leverages improper buffer management in the `dcmjpls` library, triggering undefined behavior. Publicly disclosed PoCs demonstrate reliable exploitation, making patch application urgent.
DailyCVE Form
Platform: DCMTK
Version: 3.6.9
Vulnerability: Memory corruption
Severity: Critical
Date: 06/23/2025
Prediction: Patch by 07/15/2025
What Undercode Say
Check vulnerable version:
`dcmdump --version | grep "3.6.9"`
Exploit PoC (simplified):
`python3 exploit.py -i malicious.dcm -o crash.log`
Mitigation test:
`git apply 3239a7915.patch`
How Exploit
- Craft malicious DICOM file with corrupt JPEG-LS data.
- Trigger decoder via `dcmj2pnm` or network DICOM services.
- Overflow heap buffers to hijack control flow.
Protection from this CVE
- Apply patch `3239a7915`.
- Disable JPEG-LS decoding if unused.
- Filter untrusted DICOM files.
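One way to apply the "disable JPEG-LS" and "filter untrusted files" steps at an ingest point is to read the transfer syntax from the DICOM Part 10 header before any decoder runs. The script below is an added example, not code from DCMTK or the original post; the fail-closed quarantine policy and the `sample_header` data are assumptions, and it covers files only, not network associations.

```python
import struct

# JPEG-LS transfer syntax UIDs defined by the DICOM standard.
JPEG_LS_UIDS = {"1.2.840.10008.1.2.4.80": "JPEG-LS Lossless",
                "1.2.840.10008.1.2.4.81": "JPEG-LS Near-Lossless"}
# Explicit-VR types that use a 4-byte length after 2 reserved bytes.
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OW", b"SQ", b"UC", b"UN", b"UR", b"UT"}

def transfer_syntax_uid(data):
    """Return the (0002,0010) Transfer Syntax UID of a Part 10 file, or None."""
    if len(data) < 132 or data[128:132] != b"DICM":
        return None
    pos = 132
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # end of the file meta group
        if data[pos + 4:pos + 6] in LONG_VRS:
            if pos + 12 > len(data):
                return None
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8
        if length > len(data) - pos:
            return None  # declared length runs past the buffer
        if elem == 0x0010:
            return data[pos:pos + length].rstrip(b"\x00 ").decode("ascii", "replace")
        pos += length
    return None

def verdict(data):
    uid = transfer_syntax_uid(data)
    if uid is None:  # assumed policy: fail closed on anything unparseable
        return "quarantine: no readable transfer syntax"
    if uid in JPEG_LS_UIDS:
        return "quarantine: %s (%s)" % (JPEG_LS_UIDS[uid], uid)
    return "pass: " + uid

def sample_header(uid):
    """Constructed minimal Part 10 header for the demo, not a real image."""
    val = uid.encode() + (b"\x00" if len(uid) % 2 else b"")
    ver = struct.pack("<HH2sHI", 0x0002, 0x0001, b"OB", 0, 2) + b"\x00\x01"
    ts = struct.pack("<HH2sH", 0x0002, 0x0010, b"UI", len(val)) + val
    return b"\x00" * 128 + b"DICM" + ver + ts

if __name__ == "__main__":
    for uid in ("1.2.840.10008.1.2.1", "1.2.840.10008.1.2.4.80"):
        print(verdict(sample_header(uid)))
```

Files marked `quarantine` should be held back from any host still running the unpatched `dcmjpls` decoder.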
Impact
- Remote code execution.
- System compromise via medical imaging files.
- Critical risk in healthcare PACS systems.
Sources:
Reported By: nvd.nist.gov