Stack-based Buffer Overflow in MedDream PACS Server DICOM File Processing
CVE-2025-3482

7.8HIGH

Key Information:

Vendor: Meddream
Status: Pacs Server
Vendor: CVE Published:; 22 May 2025

What is CVE-2025-3482?

A vulnerability exists in the MedDream PACS Server, which is associated with DICOM file parsing. This flaw occurs due to insufficient validation of the data length from user-supplied DICOM files before copying it into a fixed-length stack buffer. As a consequence, remote attackers can exploit this vulnerability to execute arbitrary code without requiring authentication, placing the affected installations at significant risk.

Affected Version(s)

PACS Server MedDream PACS Premium 7.3.3.840

References

https://www.zerodayinitiative.com/advisories/ZDI-25-244/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2025

CVE-2025-3482 Data

JSON

Meddream

What is CVE-2025-3482?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline