ZDI-23-853: Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability
First published: Thu Jun 08 2023(Updated: )
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Santesoft Sante DICOM Viewer Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-23-853?
The severity of ZDI-23-853 is categorized as medium due to the requirement of user interaction for exploitation.
How do I fix ZDI-23-853?
To fix ZDI-23-853, users should ensure they are running the latest version of Sante DICOM Viewer Pro that addresses this vulnerability.
What type of information can be disclosed by ZDI-23-853?
ZDI-23-853 allows the disclosure of sensitive information, which can vary based on the specific configuration and data handled by the affected software.
Is user interaction required for the exploitation of ZDI-23-853?
Yes, user interaction is required for the exploitation of ZDI-23-853, as the target must visit a malicious page or open a malicious file.
Which software is affected by ZDI-23-853?
ZDI-23-853 affects the Sante DICOM Viewer Pro software.
- collector/zdi-published
- alias/ZDI-CAN-21086
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-853
- alias/CVE-2023-34294
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sante
- canonical/santesoft sante dicom viewer pro