DICOM PS3.17 2024a - Explanatory Information

YYYY.6.2 File Format

The DICOM File Format has security considerations that will apply whenever that format is used, e.g., for the Inventory SOP Instances or the referenced DICOM SOP Instances in the repository. See Section 7.5 “Security Considerations for DICOM File Format” in PS3.10.

The ZIP and TAR container file formats, which are defined formats for DICOM data in the repository, are known to have vulnerabilities and to be the target of malware attacks. Implementations that create or read container files should utilize appropriate defenses and safeguards such as:

Applications that store container files for later use by other systems should consider the environments of those systems. This means the scanning and validation should detect attacks against at least Windows, MacOS, and Linux operating systems and applications.

Container files should not contain any directly or indirectly executable content (see Section P.1.2 “Container File Formats” in PS3.3). Container content validation should include a test for any form of executable content and consider the detection of executable content to be a risk of malicious content. The presence of malicious content may indicate a security breach of the source system or other upstream system.

DICOM PS3.17 2024a - Explanatory Information