CVE-2024-27629

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-27629
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27629.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27629
Downstream
Published
2024-06-28T00:00:00Z
Modified
2026-05-18T05:58:50.035435445Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27629.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/rordenlab/dcm2niix

Affected ranges

Type
GIT
Repo
https://github.com/rordenlab/dcm2niix
Events
Introduced
6da50196f879a34fa32038bf3e2147d6116b057d
Fixed
e2ead4b3c3b6d9763ca17638c10e3b407bf3f21d

Affected versions

Other
20160606
v1.*
v1.0.20160930
v1.0.20161101
v1.0.20170130
v1.0.20170207
v1.0.20170331
v1.0.20170401
v1.0.20170402
v1.0.20170403
v1.0.20170428
v1.0.20170429
v1.0.20170528
v1.0.20170609
v1.0.20170621
v1.0.20170623
v1.0.20170624
v1.0.20170724
v1.0.20170818
v1.0.20170923
v1.0.20171017
v1.0.20171204
v1.0.20171215
v1.0.20180614
v1.0.20180622
v1.0.20181114
v1.0.20181125
v1.0.20190720
v1.0.20190902
v1.0.20200331
v1.0.20201102
v1.0.20210317
v1.0.20211006
v1.0.20220720
v1.0.20230411

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27629.json"