DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

Researchers have detailed a heap overflow vulnerability affecting systems that process DICOM (Digital Imaging and Communications in Medicine) files, a standard widely used in medical imaging. The vulnerability can be triggered during the image upload process, potentially leading to an out-of-bounds write on an Orthanc server, a popular open-source PACS (Picture Archiving and Communication System) server.
DICOM parsing has been a significant area of research due to the critical nature of DICOM in healthcare and its inherent complexity. Hospitals depend on DICOM-based PACS systems, which often automatically ingest files received over networks. This automatic ingestion means that malformed data can directly exploit vulnerabilities in the decoders, presenting a substantial attack surface for those examining system robustness.

This specific case study demonstrates how a heap overflow vulnerability can be created by exploiting the DICOM file format. The research aims to illustrate how an Orthanc server can be targeted during the image upload phase, resulting in an out-of-bounds write. The analysis delves into the internal workings of DICOM parsing libraries and servers, examining how data is handled in memory.
While the source material mentions Pydicom and GDCM as relevant technologies in the DICOM ecosystem, it does not provide specific details about vulnerabilities within those libraries themselves. The focus of the provided information is on the exploitation of the DICOM format to impact an Orthanc server.
The implications of such a vulnerability could be severe, potentially allowing attackers to disrupt the availability of medical imaging systems or even execute arbitrary code on vulnerable servers. This could have significant consequences for healthcare operations, impacting patient care and data integrity.

The research highlights the importance of robust parsing and validation of DICOM files, especially in systems that automatically process incoming data. Secure coding practices and thorough testing of parsers are crucial to prevent such vulnerabilities from being exploited.
Further details on the specific exploitation techniques and the exact nature of the out-of-bounds write are not provided in the source material. However, the general principle involves crafting a malicious DICOM file that, when processed by the vulnerable Orthanc server, causes memory corruption on the heap.
Mitigation strategies would typically involve updating the affected software to patched versions once they become available. Additionally, implementing stricter input validation on incoming DICOM files before they are processed by the server can serve as a preventative measure. Network segmentation and access controls can also limit the potential impact of a successful exploit.





