A critical directory traversal vulnerability in the pynetdicom library could allow an attacker to overwrite arbitrary files on the host system.

The qrscp application fails to sanitize instance identifiers provided in DICOM datasets. An attacker can craft a malicious dataset that utilizes directory traversal sequences within os.path.join(), resulting in file write operations outside the intended storage directory.

With a CVSS score of 9.1, this vulnerability poses a severe threat to system integrity. An attacker could overwrite configuration files, system binaries, or sensitive data, potentially leading to full system compromise or permanent denial of service.

Immediate Action: Update the pynetdicom library to the version specified by the vendor that implements path sanitization for C-STORE operations.

Proactive Monitoring: Monitor file system integrity for unexpected modifications to system directories or configuration files originating from the qrscp application process.

Compensating Controls: Run the qrscp application with the least-privileged user account possible to restrict the scope of file system access and contain potential damage.

Public Exploit Available: Unknown

Directory traversal vulnerabilities allowing arbitrary file writes are extremely dangerous. Organizations utilizing the pynetdicom library must identify and patch their implementations immediately to prevent unauthorized file system modifications and potential system takeover.