Poster-Medical Protocol Security: DICOM Vulnerability Mining Based on Fuzzing Technology

DICOM is an international standard for medical images and related information, and is a medical image format that can be used for data exchange. The agreement is widely used in medical fields such as radiology and cardiovascular imaging. However, since DICOM libraries have less security considerations in protocol implementation, they have a large number of security risks. Aiming at the security issue of DICOM libraries, the paper conducts research on vulnerability mining technology for DICOM open source libraries, proposes a vulnerability mining framework based on Fuzzing technology, and implements a prototype system named DICOM-Fuzzer, which includes initialization, test case generation, automatic test, exception monitoring and other modules. Finally, the open source library DCMTK was selected for testing, and it was found that data overflow would occur when the content of the received file was greater than 7080 lines. Found that there is a vulnerability that causes the PACS system to refuse service. In conclusion, the DICOM protocol does have risks, and its information security needs to be further improved.