PatchSiren

MicroDicom CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH MicroDicom CVE published 2025-06-10

CVE-2025-5943

CVE-2025-5943 is a high-severity out-of-bounds write vulnerability in MicroDicom DICOM Viewer. According to CISA, a remote attacker could potentially execute arbitrary code on affected installations if they can get a user to either visit a malicious website or open a malicious DICOM file locally. MicroDicom’s remediation guidance is to update DICOM Viewer to version 2025.3 or later.

HIGH MicroDicom CVE published 2025-05-01

CVE-2025-35975

MicroDicom DICOM Viewer is affected by an out-of-bounds write that may allow arbitrary code execution when a user opens a malicious DCM file. CISA published the advisory as ICSMA-25-121-01 on 2025-05-01 and revised it on 2025-05-06 to correct typos. MicroDicom’s remediation is to update DICOM Viewer to version 2025.2 or later.

MEDIUM MicroDicom CVE published 2025-02-06

CVE-2025-1002

CVE-2025-1002 is a medium-severity update integrity issue in MicroDicom DICOM Viewer. CISA says the application does not adequately verify the update server's certificate, which could let an attacker in a privileged network position intercept and modify update traffic and deliver a malicious update. MicroDicom's remediation is to upgrade to DICOM Viewer version 2025.1.

HIGH MicroDicom CVE published 2024-06-11

CVE-2024-33606

CVE-2024-33606 is a high-severity vulnerability in MicroDicom DICOM Viewer affecting versions prior to 2024.2. Published on June 11, 2024, this vulnerability allows an attacker to retrieve sensitive medical images, plant new medical images, or overwrite existing medical images on a victim's system. User interaction is required for exploitation. The vulnerability carries a CVSS 3.1 score of 8.8 (HIGH), ind [truncated]

HIGH MicroDicom CVE published 2024-06-11

CVE-2024-28877

CVE-2024-28877 is a stack-based buffer overflow vulnerability in MicroDicom DICOM Viewer versions prior to 2024.2. The vulnerability was published by CISA on June 11, 2024, with a CVSS 3.1 score of 8.8 (HIGH). Successful exploitation requires user interaction, such as opening a malicious DICOM file, and may allow an attacker to execute arbitrary code on affected installations. The vulnerability is not lis [truncated]

HIGH MicroDicom CVE published 2024-02-29

CVE-2024-25578

A memory corruption vulnerability exists in MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior due to improper validation of user-supplied data. The vulnerability, published by CISA on February 29, 2024, carries a CVSS 3.1 score of 7.8 (HIGH severity). The attack vector is local, requiring user interaction but no privileges, and can result in high impacts to confidentiality, integrity, and ava [truncated]

HIGH MicroDicom CVE published 2024-02-29

CVE-2024-22100

A heap-based buffer overflow vulnerability in MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior allows arbitrary code execution when a user opens a malicious DCM file. The vulnerability was disclosed by CISA on February 29, 2024, with a CVSS 3.1 score of 7.8 (HIGH). The attack vector is local, requiring user interaction to open a crafted file, but successful exploitation grants high impact ac [truncated]