Buffer Overflow Vulnerability in MedDream PACS Server Software
CVE-2025-3484

9.8CRITICAL

Key Information:

Vendor: Meddream
Status: Pacs Server
Vendor: CVE Published:; 22 May 2025

What is CVE-2025-3484?

The MedDream PACS Server contains a vulnerability related to the processing of DICOM files, where the server does not adequately validate the length of user-supplied data before it is copied into a fixed-length stack buffer. This oversight permits attackers to execute arbitrary code remotely without requiring authentication, potentially leading to unauthorized system control and data compromise.

Affected Version(s)

PACS Server MedDream PACS Premium 7.3.3.840

References

https://www.zerodayinitiative.com/advisories/ZDI-25-242/

x_research-advisory

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2025

CVE-2025-3484 Data

JSON

Meddream

What is CVE-2025-3484?

Affected Version(s)

References

CVSS V3.0

Timeline