Grassroots DICOM (GDCM)
Summary
A critical vulnerability (CVE-2026-3650) has been identified in Grassroots DICOM (GDCM) version 3.2.2. Successful exploitation allows an attacker to trigger a denial-of-service condition by sending a specially crafted file that causes excessive memory allocation and resource depletion.
IFF Assessment
This vulnerability allows for denial-of-service, which directly impacts the availability of critical systems in the healthcare sector.
Severity
Defender Context
This vulnerability in GDCM, which is used in the Healthcare and Public Health critical infrastructure sector, poses a significant risk of denial-of-service attacks. Defenders should prioritize patching or mitigating this vulnerability to prevent service disruptions. Organizations should monitor for potential exploitation attempts targeting DICOM parsing functionality.
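One way to contain the excessive memory allocation described above until a fix is deployed is to run DICOM parsing in a child process with hard resource caps. This is an added example, not code from GDCM or from this advisory. It assumes a Linux/POSIX host, and the cap values, function names and the stand-in child command are all constructed for illustration.

```python
import resource
import subprocess
import sys

MEM_CAP = 512 * 1024 * 1024  # assumed ceiling; size to your largest legitimate study
CPU_CAP = 10                 # assumed CPU seconds per file
WALL_TIMEOUT = 30            # assumed wall-clock seconds per file


def _cap(kind, value):
    # Never ask for more than the hard limit this process already has.
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))


def _apply_limits():
    # Runs in the child after fork, before the parser is exec'd.
    _cap(resource.RLIMIT_AS, MEM_CAP)
    _cap(resource.RLIMIT_CPU, CPU_CAP)


def run_contained(argv):
    """Run a parser command under the caps; return 'ok', 'rejected' or 'timeout'."""
    try:
        proc = subprocess.run(argv, preexec_fn=_apply_limits,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=WALL_TIMEOUT)
    except subprocess.TimeoutExpired:
        return "timeout"
    return "ok" if proc.returncode == 0 else "rejected"


def stand_in(alloc_bytes):
    # Constructed stand-in for a parser invocation: a child that allocates alloc_bytes.
    return [sys.executable, "-c", f"bytearray({alloc_bytes})"]


if __name__ == "__main__":
    print(run_contained(stand_in(4096)))          # small allocation
    print(run_contained(stand_in(2 * 1024**3)))   # 2 GiB request against a 512 MiB cap
```

In a real pipeline, argv would be the parser command already in use. A 'rejected' or 'timeout' verdict is a signal to quarantine the file and log the event for review, which also supports the monitoring recommended above.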