CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.
Analysis
Out-of-bounds write vulnerability in Sante DICOM Viewer Pro's DCM file parsing that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious DICOM files, enabling attackers to execute arbitrary code in the application's process context. This is a user-interaction-dependent vulnerability with a local attack vector, but because the RCE is triggered simply by opening a file, it is practically significant for targeted attacks.
Technical Context
The vulnerability exists in the DICOM (Digital Imaging and Communications in Medicine) file parsing functionality of Sante DICOM Viewer Pro. DICOM is a standard for handling, storing, printing, and transmitting medical image information. The root cause is CWE-787 (Out-of-bounds Write), where the parser fails to properly validate user-supplied data within DCM file structures, allowing an attacker to write data past the end of an allocated buffer. This memory corruption can overwrite adjacent heap or stack memory, potentially corrupting critical data structures or enabling code execution through heap spray or ROP chain techniques. The flaw was originally tracked as ZDI-CAN-26168, indicating it was responsibly disclosed to Trend Micro's Zero Day Initiative.
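As an added illustration (not Sante Software's code, and not derived from the actual flaw, whose details are not public on this page), the following C program is a minimal bounds-checked parser for DICOM explicit-VR little-endian data elements. It shows the validation that a DCM parser has to perform to avoid CWE-787: the attacker-controlled length field of each element is checked against both the bytes remaining in the input and the size of the destination buffer before anything is copied. The element layout (4-byte tag, 2-byte VR, then either a 2-byte length or 2 reserved bytes plus a 4-byte length for OB/OW/OF/SQ/UT/UN) follows the DICOM standard; the fixed-size value buffer, the sample elements and the function names are assumptions made for this example.

```c
/* Added example, not the vendor's code: bounds-checked parsing of DICOM
 * explicit-VR little-endian data elements. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_VALUE 256 /* assumed size of the fixed destination buffer */

typedef struct {
    uint16_t group;
    uint16_t element;
    char     vr[3];
    uint32_t length;
    uint8_t  value[MAX_VALUE];
} dicom_element_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VRs whose header carries 2 reserved bytes followed by a 4-byte length. */
static int vr_has_long_length(const char *vr) {
    static const char *long_vrs[] = { "OB", "OW", "OF", "SQ", "UT", "UN" };
    for (size_t i = 0; i < sizeof long_vrs / sizeof long_vrs[0]; i++)
        if (memcmp(vr, long_vrs[i], 2) == 0) return 1;
    return 0;
}

/* Parse one element starting at buf[off]. Returns the number of bytes
 * consumed, or 0 if the element is malformed or would not fit. */
size_t parse_element(const uint8_t *buf, size_t len, size_t off, dicom_element_t *out) {
    if (off > len || len - off < 8) return 0;        /* tag(4) + VR(2) + length(2) */
    const uint8_t *p = buf + off;
    size_t remaining = len - off;

    out->group   = rd16(p);
    out->element = rd16(p + 2);
    out->vr[0] = (char)p[4]; out->vr[1] = (char)p[5]; out->vr[2] = '\0';

    size_t hdr;
    if (vr_has_long_length(out->vr)) {
        if (remaining < 12) return 0;                /* reserved(2) + length(4) */
        out->length = rd32(p + 8);
        hdr = 12;
    } else {
        out->length = rd16(p + 6);
        hdr = 8;
    }

    /* The three checks that prevent an out-of-bounds write: reject the
     * "undefined length" sentinel, a length beyond the input, and a length
     * beyond the destination buffer. Copying out->length bytes without
     * these checks is the CWE-787 pattern. */
    if (out->length == 0xFFFFFFFFu)        return 0;
    if (out->length > remaining - hdr)     return 0;
    if (out->length > MAX_VALUE)           return 0;

    memcpy(out->value, p + hdr, out->length);
    return hdr + out->length;
}

/* Parse a whole element stream; returns the element count or -1 on rejection. */
int count_elements(const uint8_t *buf, size_t len) {
    dicom_element_t e;
    size_t off = 0;
    int n = 0;
    while (off < len) {
        size_t used = parse_element(buf, len, off, &e);
        if (used == 0) return -1;
        off += used;
        n++;
    }
    return n;
}

/* Constructed sample inputs (not real DICOM files):
 * good_pn: Patient's Name (0010,0010), VR PN, length 6, value "DOE^JO"
 * good_ob: Pixel Data (7FE0,0010), VR OB, long-form length 4
 * bad_pn : same header as good_pn but a declared length of 0xFFFF
 *          with only 6 bytes of value actually present. */
static const uint8_t good_pn[] = { 0x10,0x00,0x10,0x00,'P','N',0x06,0x00,'D','O','E','^','J','O' };
static const uint8_t good_ob[] = { 0xE0,0x7F,0x10,0x00,'O','B',0x00,0x00,0x04,0x00,0x00,0x00,
                                   0xAA,0xBB,0xCC,0xDD };
static const uint8_t bad_pn[]  = { 0x10,0x00,0x10,0x00,'P','N',0xFF,0xFF,'D','O','E','^','J','O' };

int main(void) {
    printf("good_pn: %d element(s)\n", count_elements(good_pn, sizeof good_pn));
    printf("good_ob: %d element(s)\n", count_elements(good_ob, sizeof good_ob));
    printf("bad_pn : %d (rejected)\n",  count_elements(bad_pn,  sizeof bad_pn));
    return 0;
}
```

The key point is the order of operations: the length is validated against what actually remains in the input and against the destination's capacity before the copy, and the DICOM "undefined length" sentinel is treated as an error rather than passed to a copy routine.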
Affected Products
Sante DICOM Viewer Pro (specific versions not provided in the CVE description). The vulnerability affects installations that parse untrusted DCM (DICOM) files. CPE information is not available in the provided data, but the affected product line is: Sante DICOM Viewer Pro by Sante Software. Users should consult vendor advisories for exact version ranges (e.g., versions prior to the patch release). The vulnerability requires the application to be installed and capable of opening/processing DICOM files from external sources.
Remediation
Specific patch versions are not provided in the available information. Recommended remediation steps:
(1) Contact Sante Software or check their official website for patch availability addressing ZDI-CAN-26168 / CVE-2025-5481;
(2) Update Sante DICOM Viewer Pro to the latest patched version as released by the vendor;
(3) Until patching is possible, implement application-level mitigations: restrict file opening to trusted DICOM sources, disable auto-opening of DICOM files from email/web, and educate users not to open unsolicited DICOM files;
(4) Use application sandboxing or virtualization if available to limit code execution impact;
(5) Monitor security advisories from Sante Software for patch release announcements.
Vendor security bulletin should be referenced at: [Contact Sante Software directly or monitor their security page].
EUVD-2025-17355