{"id":"CVE-2024-27629","details":"An issue in dcm2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via a generated file name that is not properly escaped and is injected into a system call when certain types of compression are used.","modified":"2026-05-18T05:58:50.035435445Z","published":"2024-06-28T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27629.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27629.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27629"},{"type":"FIX","url":"https://github.com/rordenlab/dcm2niix/pull/789"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rordenlab/dcm2niix","events":[{"introduced":"6da50196f879a34fa32038bf3e2147d6116b057d"},{"fixed":"e2ead4b3c3b6d9763ca17638c10e3b407bf3f21d"}]}],"versions":["v1.0.20230411","v1.0.20220720","v1.0.20211006","v1.0.20210317","v1.0.20201102","v1.0.20200331","v1.0.20190902","v1.0.20190720","v1.0.20181125","v1.0.20181114","v1.0.20180622","v1.0.20180614","v1.0.20171215","v1.0.20171204","v1.0.20171017","v1.0.20170923","v1.0.20170818","v1.0.20170724","v1.0.20170624","v1.0.20170623","v1.0.20170621","v1.0.20170609","v1.0.20170528","v1.0.20170429","v1.0.20170428","v1.0.20170403","v1.0.20170402","v1.0.20170401","v1.0.20170331","v1.0.20170207","v1.0.20170130","v1.0.20161101","v1.0.20160930","20160606"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27629.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}