Home

Description

Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.

PUBLISHED Reserved 2025-04-03 | Published 2025-05-08 | Updated 2025-05-09 | Assigner icscert




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-416 Use After Free

Product status

Default status
unaffected

Any version
affected

Credits

Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA. finder

References

www.cisa.gov/...vents/ics-medical-advisories/icsma-25-128-01

www.osirix-viewer.com/osirix/osirix-md/

www.osirix-viewer.com/about/contact/

cve.org (CVE-2025-27578)

nvd.nist.gov (CVE-2025-27578)

Download JSON