CVE-2024-42845 PoC — InVesalius 安全漏洞

Source

https://github.com/partywavesec/invesalius3_vulnerabilities

Associated Vulnerability

Title:InVesalius 安全漏洞 (CVE-2024-42845)
Description:InVesalius是InVesalius开源的一个三维医学影像重建软件。 InVesalius 3.1.99991至3.1.99998版本存在安全漏洞，该漏洞源于组件中存在eval注入问题，允许攻击者通过加载精心设计的DICOM文件执行任意代码。

Description

InVesalius discovered CVE. CVE-2024-42845

Readme

# invesalius3_vulnerabilities

## Intro

The https://github.com/invesalius/invesalius3 is the reference, an Open Source Project.

## Structure

Every vulnerability will have the following structure:
```
folder/
|_README.md
|_subfolder/
  |_artifacts
```
named as ```[CVE-ID]``` if a ID is assigned or as ```[VULN-NAME]``` or ```[TMP-{N}]``` if no ID is assigned.

Every ```folder/``` will have the contributors stated in ```README.md``` file.

## At the moment

POC available:

+ CVE-2024-42845
+ [partwave CVE-2024-42845](https://www.partywave.site/show/research/Tic%20TAC%20-%20Beware%20of%20your%20scan)

File Snapshot


 [4.0K]  /data/pocs/72498e44ec292e8963bb46d561e8d1e8ace07619
├── [4.0K]  CVE-2024-42845
│   ├── [2.1K]  exploit.py
│   ├── [2.0K]  README.md
│   └── [4.0K]  res
│       ├── [514K]  MRBRAIN.DCM
│       ├── [ 470]  rev_1.py
│       └── [1.1K]  rev_2.py
└── [ 607]  README.md

2 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!