Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow
CVE-2023-35986

7.8 HIGH

Key Information:

Vendor: Santesoft
CVE Published: 19 October 2023

What is CVE-2023-35986?

The Sante DICOM Viewer Pro has a significant vulnerability due to insufficient validation of user-supplied data during DICOM file parsing. This flaw may allow an attacker to exploit the system by initiating a stack-based buffer overflow, which can facilitate the execution of arbitrary code in the context of the affected process. Proper safeguards are essential to mitigate the risks associated with this vulnerability.
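The bug class described above is a length field read from the file and trusted when copying an element value into a fixed-size stack buffer. The following is an added illustration, not Santesoft's code and not derived from the affected product: it parses a simplified explicit-VR little-endian DICOM data element (a constructed layout of tag, VR, 16-bit length, value) and shows where the length check has to sit. The 16-byte value buffer, the `parse_element` function and the sample byte strings are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified explicit-VR little-endian DICOM data element (constructed here):
 *   [group:2][element:2][VR:2][length:2][value:length]
 * The fixed-size stack buffer models the sink the advisory describes. */
#define VALUE_BUF_SIZE 16

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED = 1,   /* header or value runs past the end of the input */
    PARSE_TOO_LONG = 2     /* declared length exceeds the destination buffer */
};

struct element {
    uint16_t group;
    uint16_t elem;
    char vr[3];
    uint16_t length;
    char value[VALUE_BUF_SIZE];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hardened read: the file-controlled length is checked against both the
 * remaining input and the destination buffer before any copy happens.
 * The vulnerable pattern is this same function with the PARSE_TOO_LONG check
 * removed: memcpy(out->value, p + 8, out->length) then writes past the 16-byte
 * stack buffer whenever the file declares a larger length. */
enum parse_status parse_element(const uint8_t *p, size_t avail, struct element *out)
{
    if (avail < 8) return PARSE_TRUNCATED;
    out->group = le16(p);
    out->elem = le16(p + 2);
    out->vr[0] = (char)p[4]; out->vr[1] = (char)p[5]; out->vr[2] = '\0';
    out->length = le16(p + 6);
    if (out->length > avail - 8) return PARSE_TRUNCATED;
    if (out->length >= VALUE_BUF_SIZE) return PARSE_TOO_LONG; /* keep room for NUL */
    memcpy(out->value, p + 8, out->length);
    out->value[out->length] = '\0';
    return PARSE_OK;
}

/* Constructed sample inputs. */
/* (0010,0010) PatientName, VR "PN", length 5, value "DOE^J": well formed. */
static const uint8_t good_elem[] = { 0x10,0x00, 0x10,0x00, 'P','N', 0x05,0x00, 'D','O','E','^','J' };
/* Same tag, declares 0x0200 bytes of value while only 5 follow (truncated file). */
static const uint8_t truncated_elem[] = { 0x10,0x00, 0x10,0x00, 'P','N', 0x00,0x02, 'D','O','E','^','J' };
/* Declares 32 bytes and actually supplies them: longer than the 16-byte buffer. */
static const uint8_t oversized_elem[] = { 0x10,0x00, 0x10,0x00, 'P','N', 0x20,0x00,
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };

/* Named wrappers so each outcome can be checked by return value. */
int parse_good(void)      { struct element e; return parse_element(good_elem, sizeof good_elem, &e); }
int parse_truncated(void) { struct element e; return parse_element(truncated_elem, sizeof truncated_elem, &e); }
int parse_oversized(void) { struct element e; return parse_element(oversized_elem, sizeof oversized_elem, &e); }

/* Returns 1 when the well-formed element decodes to the expected value. */
int good_value_matches(void)
{
    struct element e;
    if (parse_element(good_elem, sizeof good_elem, &e) != PARSE_OK) return 0;
    return e.group == 0x0010 && e.elem == 0x0010 && strcmp(e.vr, "PN") == 0 &&
           strcmp(e.value, "DOE^J") == 0;
}

int main(void)
{
    printf("good=%d truncated=%d oversized=%d value_ok=%d\n",
           parse_good(), parse_truncated(), parse_oversized(), good_value_matches());
    return 0;
}
```

The two rejections are different failure modes: the truncated element would read past the end of the input, the oversized one would write past the end of the stack buffer. A parser that only checks the first (as many do, because it is the check that prevents crashes on damaged files) still has the overflow the advisory describes.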

Affected Version(s)

Sante DICOM Viewer Pro, all versions up to and including 12.2.4

CVSS v3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Heinzl reported these vulnerabilities to CISA.