Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-32131

8.8 HIGH

Key Information:

Vendor: Sante
CVE Published: 3 May 2024

What is CVE-2023-32131?

An out-of-bounds write vulnerability exists in Sante DICOM Viewer Pro that can lead to remote code execution. The flaw occurs during the parsing of DCM image files, where specially crafted data can cause the application to write beyond the allocated memory buffer. This could enable an attacker to execute arbitrary code within the context of the current process. Exploitation of this vulnerability necessitates user interaction, as the victim must either open a malicious DCM file or visit a compromised webpage designed to deliver the harmful content.

Affected Version(s)

DICOM Viewer Pro 11.8.11.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
