DICOM Demystified: Exploring the Underbelly of Medical Imaging

Team82's report analyzes the DICOM medical-imaging protocol and reveals multiple vulnerabilities in DCMTK and PACS implementations (including CVE-2022-2119, CVE-2022-2120, CVE-2022-2121 and a 9.8 CVSS unauthenticated RCE in Softneta MedDream) that enable denial-of-service, remote code execution, and arbitrary file operations; the research also identifies thousands of internet-exposed PACS servers and millions of unprotected DICOM files in public cloud buckets, demonstrates exploitation and image tampering scenarios that could affect patient care, and documents real-world data leaks.