Vulnerability DatabaseCVE-2024-24793

CVE-2024-24793:
Homebrew vulnerability analysis and mitigation

Overview

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. The vulnerability affects the File Meta Information header parsing functionality. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image (Talos Intelligence).

Technical details

The vulnerability occurs in the parsing of DICOM file elements where a double-free condition can be triggered. When processing elements with the same tag in the File Meta Information header, the code first frees the element in dcm_dataset_insert() and then attempts to free it again in parse_meta_element_create(). The vulnerability has been assigned a CVSSv3 score of 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified as CWE-416 (Use After Free) (Talos Intelligence).

Impact

The vulnerability can lead to memory corruption and possible arbitrary code execution on the targeted system. When exploited, it can cause the application to crash, as demonstrated by both ASAN-instrumented builds and regular builds of the library (Talos Intelligence).

Mitigation and workarounds

The vendor has issued a fix on Github.com. Users should update to the latest version of the library that contains the patch (Talos Intelligence).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22861	HIGH	8.8	Homebrew	iccdev	No	Yes	Jan 13, 2026
CVE-2026-22776	HIGH	8.7	Homebrew	cpp-httplib	No	Yes	Jan 12, 2026
CVE-2026-22783	HIGH	8.1	NixOS	iris	No	Yes	Jan 12, 2026
CVE-2026-21283	HIGH	7.8	Adobe Bridge	bridge	No	Yes	Jan 13, 2026
CVE-2026-22784	LOW	2.3	NixOS	lychee	No	Yes	Jan 12, 2026