Disclosed
CVE-2024-47796
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Exploitation Probability (EPSS)
Low Priority0.06%
The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.
0% (Theoretical)100% (Certainty)
7-Day Exploitation Trend
Vulnerability Timeline
2 eventsJan 13, 2025
Vulnerability Disclosed
Published to component-level vulnerability database.
Nov 3, 2025
Last Updated
Record updated with new analysis or tags.
Threat Actor Attribution
PREMIUM INTELAssociated Groups:Lazarus Group, APT28
Ransomware Campaigns:LockBit 3.0, BlackCat
IoCs (Indicators):14 IPs, 3 Hashes
Remediation & Mitigation
SOLUTIONOfficial patches and mitigation steps are available for this vulnerability.
# Update Command
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
Affected Products
1 Total
offis/dcmtk3.6.8
References
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6Dcmtk
Patch
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122Talosintelligence
ExploitThird Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00032.htmlDebian
https://lists.debian.org/debian-lts-announce/2025/06/msg00025.htmlDebian
Am I Vulnerable?
Check your domain or package.json for CVE-2024-47796 exposure.
Vulnerability Details
CVSS Base Score
8.4/ 10
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published Date
Jan 13, 2025
Last Modified
Nov 3, 2025
Need Manual Validation?
Automated scanners flag false positives. Get a manual pentest validation for this CVE.