neurolabusc
commented
1 year ago @korbinian90 this suggests that the tool that created the NIfTI header did not initialize all bytes of the header to zero before writing. While we should certainly handle this situation, it also suggests a buffer-overflow vulnerability. In other words, some bytes of the header may contain private data that was stored in memory.
A clear example of this issue was seen in previous versions of the Siemens V* DICOM writing, where the private CSA header was not zeroed. Users could remove all the privacy related tags from a DICOM header, but private information was preserved and hidden in the CSA header. I did see examples of Siemens data where the patient name was accidentally hidden in CSA header. In theory, the benefit of the NIfTI header to the DICOM is it is much smaller and more explicit, so there are not many bytes that are not required to be allocated.
Therefore, I would be very concerned with your source data: do make sure that your tools explicitly zero the NIfTI header to ensure that bytes devoted to null-terminated strings do not leak private data.
korbinian90
hanayik
There are some pipelines that produce nifti files with an incoherent header that still can be opened with other viewers (e.g. mricro), but throw an error here.
The problem in the corrupted nifti files seems to be that the extensionFlag[0] (byte 348 + 1) is set, but there is no extension to load.
(I had users of niivue-vscode reporting that problem, documented here: https://github.com/niivue/niivue-vscode/issues/32)