Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2023-35734
6.5 MEDIUM
What is CVE-2023-35734?
A vulnerability exists in the way Sante DICOM Viewer Pro parses DCM files. The application does not validate that an object exists before performing operations on it, which leads to a use-after-free condition. Remote attackers can exploit this flaw to disclose sensitive information on affected installations. Exploitation generally requires user interaction: the targeted user must open a malicious file or visit a malicious webpage. The vulnerability can also be combined with other weaknesses to execute arbitrary code in the context of the affected process.
Affected Version(s)
DICOM Viewer Pro 12.2.4.0