Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2023-34294

6.5MEDIUM

Key Information:

Vendor: Sante
Status: Dicom Viewer Pro
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-34294?

The vulnerability in Sante DICOM Viewer Pro stems from improper handling of DCM file parsing, leading to a use-after-free condition. This flaw permits remote attackers to exploit the application by enticing users to interact with a malicious web page or file. The vulnerability allows attackers to potentially disclose sensitive information due to the program's failure to validate the existence of objects prior to execution. This weakness could further enable exploitation in combination with other vulnerabilities, facilitating arbitrary code execution in the context of the affected process.

Affected Version(s)

DICOM Viewer Pro 12.2.3.0

References

https://www.zerodayinitiative.com/advisories/ZDI-23-853/

x_research-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
May 31, 2023