CVE-2024-28130 is a vulnerability classified under CWE-704 (Incorrect Type Conversion or Cast) found in the OFFIS DCMTK (DICOM Toolkit) version 3.6.8, specifically within the DVPSSoftcopyVOI_PList::createFromImage function. This function is responsible for processing image data in DICOM files, a standard format widely used in medical imaging. The vulnerability arises due to improper handling of type conversions or casts, which can be exploited by an attacker who crafts a malformed DICOM file. When this malicious file is processed by the vulnerable DCMTK library, it can trigger arbitrary code execution, potentially allowing the attacker to execute code in the context of the application processing the file. The CVSS v3.1 score of 7.5 reflects a high severity, with an attack vector of network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and impact primarily on availability (A:H) but no direct confidentiality or integrity impact noted. The vulnerability does not require authentication or user interaction, increasing its risk profile. Currently, there are no known exploits in the wild, and no official patches have been released yet. DCMTK is widely used in healthcare environments for handling DICOM files, making this vulnerability particularly relevant to medical imaging systems and healthcare providers.

The primary impact of CVE-2024-28130 on European organizations lies in the healthcare sector, where DCMTK is commonly used for processing medical imaging data. Exploitation could lead to arbitrary code execution, potentially resulting in denial of service or unauthorized control over systems handling sensitive patient data. This could disrupt medical workflows, delay diagnostics and treatment, and compromise patient safety. Although confidentiality and integrity impacts are not explicitly stated, the ability to execute arbitrary code could be leveraged for further attacks, including data exfiltration or ransomware deployment. The lack of required privileges or user interaction means attackers could exploit this vulnerability remotely by delivering malicious DICOM files via network vectors such as PACS servers or medical imaging devices connected to hospital networks. Given the critical nature of healthcare services and strict regulatory requirements in Europe (e.g., GDPR, NIS Directive), exploitation could also lead to significant legal and reputational consequences.

1. Monitor OFFIS and related security advisories closely for the release of official patches addressing CVE-2024-28130 and apply them promptly. 2. Until patches are available, implement strict input validation and sanitization on all DICOM files before processing, ideally using whitelisting approaches to reject malformed or suspicious files. 3. Employ sandboxing or containerization techniques to isolate the DCMTK processing environment, limiting the potential impact of arbitrary code execution. 4. Restrict network access to systems processing DICOM files, especially from untrusted sources, and enforce strict access controls on PACS and imaging devices. 5. Conduct regular security audits and penetration tests focusing on medical imaging infrastructure to detect potential exploitation attempts. 6. Educate healthcare IT staff about this vulnerability and encourage vigilance when handling external imaging data. 7. Consider deploying network-level detection tools capable of identifying anomalous DICOM file traffic or malformed file patterns associated with this vulnerability.