
CVE-2026-3650: Grassroots DICOM (GDCM) Memory Leak — Detection and Mitigation

Security Arsenal Team
April 12, 2026

CISA has released advisory ICSMA-26-083-01 regarding a critical vulnerability in Grassroots DICOM (GDCM), a widely used library for handling DICOM medical imaging files. Tracked as CVE-2026-3650 (CVSS v3 7.5), this flaw affects version 3.2.2 and permits an unauthenticated attacker to trigger a Denial-of-Service (DoS) condition by sending a specifically malformed file. Given that GDCM is embedded in numerous PACS (Picture Archiving and Communication Systems), viewers, and research tools, this vulnerability poses a significant availability risk to Healthcare and Public Health sectors worldwide. Defenders must immediately identify systems running the affected library and apply vendor patches to prevent disruption of critical clinical workflows.

Technical Analysis

  • Affected Product: Grassroots DICOM (GDCM) v3.2.2.
  • CVE Identifier: CVE-2026-3650.
  • Vulnerability Type: Missing Release of Memory after Effective Lifetime (Memory Leak).
  • Mechanism: The vulnerability is triggered when the GDCM library parses DICOM files containing non-standard Value Representation (VR) types within the file meta information group. The parser allocates memory for these malformed structures but never releases it, so every such file leaks memory and repeated parsing steadily drains the process's heap.
  • Impact: Successful exploitation results in resource exhaustion. As the application consumes available RAM, it eventually crashes or becomes unresponsive, causing a DoS. In a hospital environment, this can delay diagnostics and force system restarts.
  • Exploitation Status: Currently theoretical but high-risk due to the ease of crafting a malformed file (file-injection via email, web upload, or DICOM network protocol) and the high value of target systems. No active in-the-wild exploitation has been confirmed at the time of this advisory.

Detection & Response

Detecting this specific vulnerability at the network level is difficult because the malicious payload is a DICOM file that is structurally well-formed apart from a non-standard VR (a file-format violation rather than a traditional exploit signature). Defense-in-depth therefore requires monitoring for the delivery mechanisms (suspicious file creation) and the operational impact (application crashes).

SIGMA Rules

YAML
---
title: Potential Malicious DICOM File Creation via Script
id: 8a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p
status: experimental
description: Detects the creation of DICOM files (.dcm, .dicom, .dicm, .ima) by suspicious processes often used in staging or scripting attacks.
references:
  - https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.initial_access
  - attack.t1566.001
logsource:
  category: file_event
  product: windows
detection:
  selection:
    TargetFilename|endswith:
      - '.dcm'
      - '.dicom'
      - '.dicm'
      - '.ima'
  filter_legit:
    Image|contains:
      - '\PACS\'
      - '\Radiology\'
      - '\MedicalImaging\'
  condition: selection and not filter_legit
falsepositives:
  - Legitimate export of medical images by staff to non-standard directories.
level: medium
---
title: Application Crash Indicating Memory Exhaustion
id: 9b3c4d5e-6f7g-8h9i-0j1k-2l3m4n5o6p7q
status: experimental
description: Detects application crashes in common medical imaging viewers that may indicate a memory leak exploit attempt.
references:
  - https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.impact
  - attack.t1499
logsource:
  product: windows
  service: application
detection:
  # Windows Application log Event ID 1000 (Application Error) is written when a process crashes.
  # The event carries no user field, so scope this rule to imaging workstations and PACS hosts
  # (for example by host name or deployment group) when deploying it.
  selection:
    Provider_Name: 'Application Error'
    EventID: 1000
  condition: selection
falsepositives:
  - Routine application updates or known instability in legacy viewer software.
level: high

KQL (Microsoft Sentinel / Defender)

KQL
// Hunt for creation of DICOM files by potentially suspicious processes
DeviceFileEvents
| where Timestamp > ago(7d)
// Match on the file extension; has_any does term matching, and an empty term would match every file
| extend FileExt = tolower(extract(@"(\.[^.]+)$", 1, FileName))
| where FileExt in ('.dcm', '.dicom', '.dicm', '.ima', '.acr')
| where InitiatingProcessFolderPath !contains @"Program Files"
    and InitiatingProcessFolderPath !contains @"Windows"
| project Timestamp, DeviceName, FileName, FolderPath, InitiatingProcessFileName, InitiatingProcessCommandLine, SHA256
| order by Timestamp desc

Velociraptor VQL

VQL
// Hunt for recently modified DICOM files (a root-anchored glob is slow on large
// volumes; narrow it to image store paths where you can)
SELECT FullPath, Mtime, Size
FROM glob(globs="/**/*.dcm")
WHERE Mtime > timestamp(epoch=now() - 7 * 86400)

// Check for vulnerable GDCM shared libraries (Linux). glob() returns no version
// column, so match the version where it appears in the .so name or its path.
SELECT FullPath, Size, Mtime
FROM glob(globs="/usr/lib/**/libgdcm*.so*")
WHERE FullPath =~ "3\\.2\\.2"

Remediation Script (PowerShell)

PowerShell
<#
.SYNOPSIS
    Audit for vulnerable GDCM library versions on Windows endpoints.
.DESCRIPTION
    Scans common program directories for GDCM DLLs (gdcm*.dll, e.g. gdcmCommon.dll) and checks the file version.
#>

$VulnerableVersion = "3.2.2"
$SearchPaths = @("C:\Program Files\", "C:\Program Files (x86)\")
$Findings = @()

foreach ($Path in $SearchPaths) {
    if (Test-Path $Path) {
        # GDCM ships as several DLLs (gdcmCommon.dll, gdcmDSED.dll, ...), so match on the prefix
        $Dlls = Get-ChildItem -Path $Path -Filter "gdcm*.dll" -Recurse -ErrorAction SilentlyContinue
        foreach ($Dll in $Dlls) {
            $VersionInfo = $Dll.VersionInfo.FileVersion
            if ($VersionInfo -like "*$VulnerableVersion*") {
                $Findings += [PSCustomObject]@{
                    Path = $Dll.FullName
                    Version = $VersionInfo
                    Status = "VULNERABLE"
                }
            }
        }
    }
}

if ($Findings.Count -gt 0) {
    Write-Host "[ALERT] Vulnerable GDCM libraries found:" -ForegroundColor Red
    $Findings | Format-Table -AutoSize
} else {
    Write-Host "[INFO] No vulnerable GDCM 3.2.2 libraries found in standard paths." -ForegroundColor Green
}

Remediation

  1. Patch Immediately: Identify all software solutions utilizing the GDCM library. This includes open-source viewers (3D Slicer, ITK-SNAP), PACS servers, and custom research applications. Update to a version newer than GDCM 3.2.2. Consult your specific vendor's advisory for the patched version number.
  2. Vendor Coordination: If you use commercial medical devices relying on GDCM, contact the vendor immediately to request a patch containing the updated library.
  3. Network Segmentation: Restrict inbound traffic to DICOM ports (typically TCP/104) to trusted IP addresses only. While this does not stop file-based delivery (email/web), it protects the DICOM network service interface.
  4. Input Validation: Ensure perimeter security tools (mail gateways, web proxies) are configured to inspect file headers and block malformed or suspicious DICOM file uploads where feasible.
  5. Monitoring: Implement the Sigma rules provided above to detect potential exploit attempts or service crashes related to imaging workflows.
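One way to implement the header inspection called for in step 4, as an added example that is not code from the advisory or from the GDCM project: the script walks the file meta information group (0002,xxxx) of an uploaded DICOM file and rejects it if any element carries a VR the standard does not define, which is the malformed construct described under Mechanism. The list of standard VRs follows DICOM PS3.5; the two sample headers are constructed inline.

```python
import struct

# Value Representations defined by the DICOM standard (PS3.5, Table 6.2-1).
STANDARD_VRS = {
    "AE", "AS", "AT", "CS", "DA", "DS", "DT", "FL", "FD", "IS", "LO", "LT",
    "OB", "OD", "OF", "OL", "OV", "OW", "PN", "SH", "SL", "SQ", "SS", "ST",
    "SV", "TM", "UC", "UI", "UL", "UN", "UR", "US", "UT", "UV",
}
# VRs encoded with 2 reserved bytes and a 4-byte length in explicit VR.
LONG_LENGTH_VRS = {"OB", "OD", "OF", "OL", "OV", "OW", "SQ", "SV", "UC", "UN", "UR", "UT", "UV"}

def check_meta_header(data: bytes) -> list:
    """Return problems found in the group 0002 elements; [] means only standard VRs."""
    if len(data) < 132 or data[128:132] != b"DICM":
        return ["missing 128-byte preamble or 'DICM' magic"]
    problems, pos = [], 132
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:  # first non-meta element ends the header
            break
        vr = data[pos + 4:pos + 6].decode("ascii", errors="replace")
        if vr not in STANDARD_VRS:
            # Unknown VR: the length field layout is undefined, so stop here.
            problems.append(f"(0002,{elem:04X}) non-standard VR {vr!r}")
            break
        if vr in LONG_LENGTH_VRS:
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12 + length
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8 + length
        if pos > len(data):
            problems.append(f"(0002,{elem:04X}) declared length {length} runs past end of file")
            break
    return problems

def meta_element(elem: int, vr: str, value: bytes) -> bytes:
    """Encode one group 0002 element in explicit VR little endian (sample-data helper)."""
    value += b"\x00" * (len(value) % 2)  # DICOM values are even-length
    if vr in LONG_LENGTH_VRS:
        return struct.pack("<HH2s2xI", 0x0002, elem, vr.encode(), len(value)) + value
    return struct.pack("<HH2sH", 0x0002, elem, vr.encode(), len(value)) + value

PREAMBLE = b"\x00" * 128 + b"DICM"
TRANSFER_SYNTAX_UID = b"1.2.840.10008.1.2.1"  # Explicit VR Little Endian
# Constructed sample headers: a minimal well-formed one, and one whose Transfer
# Syntax UID element carries the undefined VR "ZZ" (the case this check exists for).
GOOD_FILE = PREAMBLE + meta_element(0x0001, "OB", b"\x00\x01") + meta_element(0x0010, "UI", TRANSFER_SYNTAX_UID)
BAD_FILE = PREAMBLE + meta_element(0x0001, "OB", b"\x00\x01") + meta_element(0x0010, "ZZ", TRANSFER_SYNTAX_UID)
```

A gateway would call `check_meta_header()` on the raw upload and quarantine any file that returns a non-empty list before it is forwarded to a GDCM-based viewer or PACS.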
