
CVE-2024-42845: n/a

Severity: High
Published: Fri Aug 23 2024 (08/23/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2024-42845 is a high-severity code injection vulnerability in the InVesalius medical imaging software, specifically in the DICOM file reader component. It allows attackers with limited privileges and requiring user interaction to execute arbitrary code by loading a crafted DICOM file. This vulnerability impacts confidentiality, integrity, and availability of affected systems. Although no known exploits are currently reported in the wild, the ease of exploitation and critical impact make it a significant threat. European healthcare organizations using InVesalius are at risk, especially those handling sensitive medical imaging data. Mitigation requires applying patches once available, restricting file sources, and enhancing input validation. Countries with advanced healthcare infrastructures and widespread use of open-source medical imaging tools are most likely affected. The CVSS score of 8.0 reflects the high risk posed by this vulnerability.

AI-Powered Analysis

AI Last updated: 02/13/2026, 17:34:06 UTC

Technical Analysis

CVE-2024-42845 is an eval injection vulnerability identified in the InVesalius software, versions 3.1.99991 through 3.1.99998, specifically within the invesalius/reader/dicom.py component responsible for parsing DICOM files. The vulnerability arises because the software uses an unsafe eval function to process data from DICOM files, allowing an attacker to craft a malicious DICOM file that, when loaded, triggers arbitrary code execution on the host system. This type of vulnerability is classified under CWE-94 (Improper Control of Generation of Code), which is critical as it can lead to full system compromise. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L), but does require privileges (PR:L) and user interaction (UI:R) to open the malicious file. The vulnerability affects confidentiality, integrity, and availability (all rated high), meaning attackers can steal sensitive patient data, alter imaging results, or disrupt system operations. No patches are currently listed, and no exploits are known in the wild, but the presence of an eval injection in a medical imaging context is highly concerning due to the sensitivity of healthcare data and the critical nature of medical devices and software. The vulnerability was published on August 23, 2024, and is tracked under CVE-2024-42845.

Potential Impact

For European organizations, particularly healthcare providers and medical research institutions, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive patient imaging data, manipulation of diagnostic images, or disruption of medical workflows, potentially endangering patient safety. The confidentiality breach could violate GDPR regulations, leading to legal and financial repercussions. Integrity compromise might result in incorrect diagnoses or treatment plans. Availability impact could disrupt critical healthcare services. Since InVesalius is an open-source medical imaging tool used in various European hospitals and research centers, the threat surface is notable. The requirement for user interaction means social engineering or phishing campaigns could be used to deliver malicious DICOM files. The lack of known exploits currently provides a window for proactive defense, but the high CVSS score indicates urgent attention is needed.

Mitigation Recommendations

Organizations should immediately audit their use of InVesalius software and restrict the loading of DICOM files from untrusted or unauthenticated sources. Implement strict file validation and sandboxing techniques to isolate the DICOM processing environment. Monitor for suspicious file activity and user behavior related to medical imaging software. Since no official patches are currently available, consider disabling or limiting the use of the vulnerable component until a fix is released. Educate staff on the risks of opening files from unknown sources and implement multi-factor authentication to reduce the risk of privilege escalation. Collaborate with InVesalius developers or community to track patch releases and apply updates promptly. Additionally, employ endpoint detection and response (EDR) solutions capable of detecting anomalous code execution patterns related to eval injection. Regularly back up critical data and maintain incident response plans tailored to healthcare environments.
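The following is an added illustration, not code from InVesalius or from this advisory, of the "strict file validation" recommended above and of the safe alternative to the eval-based parsing described in the Technical Analysis. It assumes the reader receives DICOM attribute values as backslash-separated strings in the Decimal String (DS) and Integer String (IS) value representations (for example PixelSpacing "0.5\\0.5"); the function names, the value limits and the sample values are constructed for this example. The point is that numeric fields are matched against a strict grammar and converted with float()/int(), so the file contents are never handed to an interpreter.

```python
"""Hardened parsing of multi-valued numeric DICOM fields.

Added example (hypothetical helper names), not InVesalius's own code.
Assumption: the caller already has the raw attribute value as a string,
e.g. PixelSpacing "0.5\\0.5" or ImagePositionPatient "-120.0\\-95.5\\1.0".
The vulnerable pattern the advisory describes is evaluating such a string
with eval(); this version validates the syntax first and only then uses
float()/int(), which cannot execute code.
"""
import re
from typing import List

# DICOM DS value: optional sign, digits with optional fraction, optional exponent.
_DS_RE = re.compile(r"^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$")
# DICOM IS value: optional sign followed by digits only.
_IS_RE = re.compile(r"^[+-]?\d+$")

# Per-value byte limits from the DS/IS definitions (16 and 12 bytes);
# the multiplicity cap is a constructed defensive limit for this example.
_DS_MAX_LEN = 16
_IS_MAX_LEN = 12
_MAX_VALUES = 64


class DicomValueError(ValueError):
    """Raised when a field does not match the expected DICOM grammar."""


def _split_values(raw: str) -> List[str]:
    """Split a multi-valued DICOM string on the backslash separator."""
    parts = [p.strip() for p in raw.split("\\")]
    if len(parts) > _MAX_VALUES:
        raise DicomValueError(f"too many values ({len(parts)})")
    return parts


def parse_ds(raw: str) -> List[float]:
    """Parse a Decimal String field into floats, rejecting anything else."""
    out: List[float] = []
    for part in _split_values(raw):
        if len(part) > _DS_MAX_LEN or not _DS_RE.match(part):
            raise DicomValueError(f"invalid DS value: {part!r}")
        out.append(float(part))
    return out


def parse_is(raw: str) -> List[int]:
    """Parse an Integer String field into ints, rejecting anything else."""
    out: List[int] = []
    for part in _split_values(raw):
        if len(part) > _IS_MAX_LEN or not _IS_RE.match(part):
            raise DicomValueError(f"invalid IS value: {part!r}")
        out.append(int(part))
    return out


def parse_pixel_spacing(raw: str) -> List[float]:
    """PixelSpacing must be exactly two positive decimals (row, column)."""
    values = parse_ds(raw)
    if len(values) != 2 or any(v <= 0 for v in values):
        raise DicomValueError(f"PixelSpacing must be two positive values: {raw!r}")
    return values


def is_safe_numeric_field(raw: str, vr: str) -> bool:
    """Boolean check usable as a pre-load filter for DS or IS fields."""
    try:
        (parse_ds if vr == "DS" else parse_is)(raw)
        return True
    except (DicomValueError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample values; the last two are syntactically not numbers
    # and are rejected instead of being evaluated.
    print(parse_pixel_spacing("0.5\\0.5"))
    print(parse_ds("-120.0\\-95.5\\1e-3"))
    print(parse_is("1\\2\\3"))
    for bad in ("1+1", "[1,2]"):
        print(bad, "->", is_safe_numeric_field(bad, "DS"))
```

Used as a gate in front of the reader, any field failing these checks causes the file to be rejected before the imaging pipeline runs, which is the input-validation control the mitigation text calls for; a sandboxed or unprivileged process for the reader remains a separate, complementary layer.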


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2024-08-05T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 698f5d11c9e1ff5ad84e392e

Added to database: 2/13/2026, 5:19:13 PM

Last enriched: 2/13/2026, 5:34:06 PM

Last updated: 2/13/2026, 6:19:55 PM

