### CVE-2024-42845

- **Vulnerability Type**: Remote Code Execution (RCE)
- **Affected Tool**: A widely used, actively maintained open-source biomedical tool for DICOM medical imaging, used in multiple universities and laboratories.

### Vulnerability Description

- **Trigger Condition**: The vulnerability is triggered when a new DICOM file is imported.
- **Core Issue**:
  - In the `GetImagePosition` function, each value of the `Image Position (Patient)` tag (0x0020, 0x0032) is passed to Python's `eval`.
  - Because `eval` executes its input string as a Python expression, an attacker can append Python code after the last coordinate value; it is executed with the privileges of the importing application, giving arbitrary code execution.

### Exploitation

- **Exploitation Steps**:
  - Obtain a valid DICOM file.
  - Modify or create the attribute at tag `(0x0020, 0x0032)`, appending the payload as a fourth value, separated from the third coordinate by the `\` character (the DICOM multi-value separator).
  - Get the victim or the application to load the modified `.dcm` file.
- **Exploitation Example**: The fourth value is the exact string that reaches `eval`, so any Python expression serves as the payload. Because `eval` accepts only expressions, statement-based payloads are wrapped as `exec([PAYLOAD])`, which the vulnerable code then runs as `eval(exec([PAYLOAD]))`.

### Patch and Mitigation

- **Fix**: The vulnerability has been patched in the latest release.
- **Recommendation**: Support the security of open-source biomedical tools, and avoid dangerous functions like `eval` when processing untrusted data; numeric tag values should be converted with `float()` after checking that the expected number of values is present.

### Technical Details

- **DICOM File Format**: A medical imaging standard; files are saved with the `.dcm` extension.
- **Data Structure**: A file contains numerous attributes (data elements) such as Patient ID, Image Position (Patient), and Series Description, so that image data and metadata are stored separately.
- **Example Code**: The article provides a Python script that exploits the vulnerability, intended for educational and research purposes.

### Summary

This article analyzes the DICOM file format and the import workflow in detail, shows the remote code execution risk created by the misuse of Python's `eval` function, and offers recommendations for remediation and protection.
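To make the core issue and the recommended fix concrete, the following is an added example written for this page; it is not code from the original article or from the affected project. It encodes a constructed DICOM data element for Image Position (Patient) (explicit VR little endian), extracts the tag, and runs the value through two parsers: one that mirrors the described `eval`-per-value pattern (`get_image_position_vulnerable`) and one hardened with DS-format validation and `float()` (`get_image_position_safe`). The function names, the sample dataset and the marker-based payload are assumptions made for the illustration, not the tool's real API; the payload only appends to a list so that the demo never touches the operating system.

```python
# Added example: not code from the original article or from the affected project.
# Reproduces the pattern the article describes (eval() on every '\'-separated
# value of Image Position (Patient)) next to a hardened parser, on a DICOM data
# element constructed inline. Names and sample values are assumptions.
import re
import struct

TAG_PATIENT_ID = (0x0010, 0x0020)      # VR LO
TAG_IMAGE_POSITION = (0x0020, 0x0032)  # VR DS, VM 3: x\y\z in mm

# Records what an eval() payload did, so the demo never has to touch the OS.
EXECUTED = []

# Constructed sample values (not taken from any real study).
BENIGN_POSITION = "-125.0\\-125.0\\50.0"
# A fourth '\'-separated value: the vulnerable parser hands it to eval() verbatim.
CRAFTED_POSITION = BENIGN_POSITION + "\\EXECUTED.append('payload ran')"


def encode_element(tag, vr, value):
    """Encode one explicit-VR little-endian element with a 2-byte length (DS, LO, ...)."""
    payload = value.encode("ascii")
    if len(payload) % 2:  # DICOM pads values to even length
        payload += b" "
    return (struct.pack("<HH", *tag) + vr.encode("ascii")
            + struct.pack("<H", len(payload)) + payload)


def decode_elements(buf):
    """Minimal explicit-VR little-endian parser for text VRs; returns {tag: (vr, value)}."""
    elements, off = {}, 0
    while off < len(buf):
        tag = struct.unpack_from("<HH", buf, off)
        off += 4
        vr = buf[off:off + 2].decode("ascii")
        off += 2
        (length,) = struct.unpack_from("<H", buf, off)
        off += 2
        raw = buf[off:off + length]
        off += length
        elements[tag] = (vr, raw.decode("ascii").rstrip(" \x00"))
    return elements


def build_dataset(position_value):
    """Constructed two-element dataset: Patient ID followed by Image Position (Patient)."""
    return (encode_element(TAG_PATIENT_ID, "LO", "PAT-0001")
            + encode_element(TAG_IMAGE_POSITION, "DS", position_value))


def get_image_position_vulnerable(ds_value):
    """The pattern the article describes: eval() on every value.
    Anything appended after the third coordinate runs as Python code."""
    return [eval(v) for v in ds_value.split("\\")]


# DICOM DS: optional sign, digits with optional decimal point, optional exponent, <= 16 bytes.
DS_RE = re.compile(r"^[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?$")


def get_image_position_safe(ds_value):
    """Hardened parser: exactly three DS-conformant values, converted with float()."""
    parts = [p.strip() for p in ds_value.split("\\")]
    if len(parts) != 3:
        raise ValueError(f"Image Position (Patient) needs 3 values, got {len(parts)}")
    for p in parts:
        if len(p) > 16 or not DS_RE.match(p):
            raise ValueError(f"not a valid DS value: {p!r}")
    return tuple(float(p) for p in parts)


def position_from_dataset(buf, parser):
    """Extract (0020,0032) from an encoded dataset and run it through the given parser."""
    vr, value = decode_elements(buf)[TAG_IMAGE_POSITION]
    if vr != "DS":
        raise ValueError(f"unexpected VR {vr!r} for Image Position (Patient)")
    return parser(value)


def safe_parser_rejects(ds_value):
    """True if the hardened parser refuses the value."""
    try:
        get_image_position_safe(ds_value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    benign = build_dataset(BENIGN_POSITION)
    crafted = build_dataset(CRAFTED_POSITION)
    print("safe, benign  :", position_from_dataset(benign, get_image_position_safe))
    print("safe, crafted :", "rejected" if safe_parser_rejects(CRAFTED_POSITION) else "accepted")
    print("eval, crafted :", position_from_dataset(crafted, get_image_position_vulnerable), EXECUTED)
```

Running the script shows the hardened parser returning the three coordinates for the benign element and rejecting the crafted one on the value count alone, while the `eval`-based parser returns a fourth entry of `None` and the marker list shows that the appended expression was executed. The value-count check matters as much as the format check: a file with three DS-conformant values but an `eval` call on each would still be exploitable, and a file with a fourth well-formed number would still be malformed.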