CVE-2024-25578

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.

References

Link	Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01	US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:microdicom:dicom_viewer:*:*:*:*:*:*:*:*

History

06 Mar 2025, 19:29

Type	Values Removed	Values Added
First Time		Microdicom dicom Viewer Microdicom
References	~~() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01 -~~	() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01 - US Government Resource
CPE		cpe:2.3:a:microdicom:dicom_viewer::::::::

21 Nov 2024, 09:01

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01 -~~	() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01 -

Information

Published : 2024-03-01 01:15

Updated : 2025-03-06 19:29

NVD link : CVE-2024-25578

Mitre link : CVE-2024-25578

CVE.ORG link : CVE-2024-25578

JSON object : View

Products Affected

dicom_viewer

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-25578", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-01T01:15:07.550", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01", "tags": ["US Government Resource"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nMicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.\n\n\n\n"}, {"lang": "es", "value": "MicroDicom DICOM Viewer versiones 2023.3 (compilaci\u00f3n 9342) y anteriores contienen una falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que podr\u00eda provocar da\u00f1os en la memoria dentro de la aplicaci\u00f3n."}], "lastModified": "2025-03-06T19:29:44.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microdicom:dicom_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCB759EB-FAF5-4952-ABEB-0DAC418A5846", "versionEndExcluding": "2024.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}