
CVE-2025-2480 – Santesoft Sante DICOM Viewer Pro Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2025-2480
20 Mar 2025 — Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker. • https://santesoft.com/win/sante-dicom-viewer-pro/download.html • CWE-787: Out-of-bounds Write

CVE-2025-2284 – Santesoft Sante PACS Server Access of Uninitialized Pointer DoS
https://notcve.org/view.php?id=CVE-2025-2284
13 Mar 2025 — A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". • https://www.tenable.com/security/research/tra-2025-08 • CWE-824: Access of Uninitialized Pointer

CVE-2025-2265 – Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation
https://notcve.org/view.php?id=CVE-2025-2265
13 Mar 2025 — The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte. • https://www.tenable.com/security/research/tra-2025-08 • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVE-2025-2264 – Santesoft Sante PACS Server Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-2264
13 Mar 2025 — A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. • https://www.tenable.com/security/research/tra-2025-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-2263 – Santesoft Sante PACS Server Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-2263
13 Mar 2025 — During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker. • https://www.tenable.com/security/research/tra-2025-08 • CWE-121: Stack-based Buffer Overflow

CVE-2024-1696 – Santesoft Sante FFT Imaging Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2024-1696
11 Mar 2024 — In Santesoft Sante FFT Imaging versions 1.4.1 and prior, once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01 • CWE-787: Out-of-bounds Write

CVE-2024-1453 – Santesoft Sante DICOM Viewer Pro Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2024-1453
01 Mar 2024 — In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01 • CWE-125: Out-of-bounds Read

CVE-2023-35986 – Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-35986
19 Oct 2023 — Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2023-39431 – Santesoft Sante DICOM Viewer Pro Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-39431
19 Oct 2023 — Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01 • CWE-787: Out-of-bounds Write

CVE-2023-5059 – Santesoft Sante FFT Imaging Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2023-5059
19 Oct 2023 — Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-02 • CWE-125: Out-of-bounds Read