Out-of-bounds Read Vulnerability in MicroDicom DICOM Viewer
CVE-2025-36521

8.8HIGH

Key Information:

Vendor: Microdicom
Status: Dicom Viewer
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-36521?

The MicroDicom DICOM Viewer has a vulnerability that enables an out-of-bounds read, potentially allowing an attacker to induce memory corruption when the application processes specially crafted DCM files. This exploitation requires user interaction to open the malicious file, highlighting the importance of caution when handling file types associated with medical imaging. For protection against this vulnerability, users should ensure that they are using the most recent version of the software, which addresses this flaw.

Affected Version(s)

DICOM Viewer 0 <= 2025.1

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

https://www.microdicom.com/downloads.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 28, 2025

Credit

Michael Heinzl reported these vulnerabilities to CISA.

Microdicom

What is CVE-2025-36521?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit