CVE-2025-31946 | THREATINT

Description

Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.

PUBLISHED Reserved 2025-04-03 | Published 2025-05-08 | Updated 2025-05-09 | Assigner icscert

MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-416 Use After Free

Product status

Default status

unaffected

Any version

affected

Credits

Chizuru Toyama of TXOne Networks and Canaan Kao of TXOne Networks reported these vulnerabilities to CISA. finder

References

www.cisa.gov/...vents/ics-medical-advisories/icsma-25-128-01

www.osirix-viewer.com/osirix/osirix-md/

www.osirix-viewer.com/about/contact/

cve.org (CVE-2025-31946)

nvd.nist.gov (CVE-2025-31946)

Download JSON