CVE-2024-24794 is a use-after-free vulnerability identified in the Imaging Data Commons libdicom library version 1.0.5, which is used for parsing DICOM medical imaging files. The vulnerability resides in the parse_meta_sequence_end() function responsible for parsing the Sequence Value Representations within DICOM files. When a specially crafted malicious DICOM file is processed, the function prematurely frees memory that is subsequently accessed, leading to a use-after-free condition. This type of memory corruption can be exploited to execute arbitrary code, cause application crashes, or lead to denial of service. The vulnerability has a CVSS 3.1 base score of 8.1, indicating high severity, with an attack vector over the network, no privileges required, no user interaction needed, but with high attack complexity. The scope is unchanged, but the impact on confidentiality, integrity, and availability is high, meaning an attacker could potentially gain control over the affected system or exfiltrate sensitive medical data. No patches or fixes have been published yet, and no known exploits are currently reported in the wild. The vulnerability affects only version 1.0.5 of libdicom, which is integrated into medical imaging workflows and software that handle DICOM files, a standard format for medical images such as MRIs and CT scans.

For European organizations, particularly those in the healthcare sector, this vulnerability poses a significant risk. Medical imaging systems that utilize libdicom 1.0.5 could be exploited remotely by attackers sending malicious DICOM files, potentially leading to unauthorized access to sensitive patient data, manipulation of medical images, or disruption of imaging services. This could undermine patient safety, violate data protection regulations such as GDPR, and cause operational downtime. The high confidentiality impact threatens patient privacy, while integrity and availability impacts could affect diagnostic accuracy and healthcare delivery. Given the critical role of medical imaging in diagnostics and treatment, exploitation could have severe consequences for healthcare providers and patients alike. Additionally, the lack of available patches increases the window of exposure until vendors release updates.

Until an official patch is released, European healthcare organizations should implement strict controls on the sources of DICOM files processed by systems using libdicom 1.0.5. This includes validating and sanitizing incoming DICOM files, employing network segmentation to isolate imaging systems, and restricting access to trusted users and devices only. Deploying intrusion detection systems (IDS) or anomaly detection tools that can flag unusual DICOM file structures or parsing errors may help detect exploitation attempts. Organizations should also monitor logs for crashes or abnormal behavior in imaging software. Coordinating with vendors to obtain updates or workarounds is critical. Additionally, applying defense-in-depth strategies such as application whitelisting, memory protection mechanisms (e.g., ASLR, DEP), and regular backups of imaging data can reduce impact. Training staff to recognize suspicious activity and maintaining incident response readiness are also recommended.