Memory Corruption Vulnerability in Sante PACS Server DCM File Parser
CVE-2025-0568

7.5HIGH

Key Information:

Vendor: Sante
Status: Pacs Server
Vendor: CVE Published:; 30 January 2025

What is CVE-2025-0568?

The Sante PACS Server has a critical vulnerability in its DCM file parsing mechanism that can be exploited by remote attackers to trigger a denial-of-service condition. Due to inadequate validation of user-supplied data, an attacker can induce memory corruption, causing the server to crash or become unresponsive. Notably, this can occur without needing any form of authentication, making it easier for malicious actors to exploit this flaw and disrupt server availability.

Affected Version(s)

PACS Server 4.0.9

References

https://www.zerodayinitiative.com/advisories/ZDI-25-049/

x_research-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 19, 2025