Santesoft Sante DICOM Viewer Pro Out-of-bounds Write
CVE-2023-39431

7.8HIGH

Key Information:

Vendor: Santesoft
Status: Sante Dicom Viewer Pro
Vendor: CVE Published:; 19 October 2023

What is CVE-2023-39431?

Sante DICOM Viewer Pro has a critical weakness due to inadequate validation of user-supplied data during the parsing of DICOM files. This vulnerability could allow an attacker to perform out-of-bounds writes, which may culminate in unauthorized execution of arbitrary code within the application's current process. It underscores the importance of stringent data validation and security measures in software handling sensitive medical imaging data.

Affected Version(s)

Sante DICOM Viewer Pro 0 <= 12.2.4

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2023
Vulnerability Reserved
Sep 12, 2023

Credit

Michael Heinzl reported these vulnerabilities to CISA.