Primary

Context

Pixmeo OsiriX MD Use-After-Free Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A use-after-free vulnerability has been identified in Pixmeo OsiriX MD, specifically in versions 14.0.1 (Build 2024-02-28) and prior. This vulnerability allows an attacker to upload a crafted DICOM file, causing memory corruption that leads to a denial-of-service condition. Additionally, the OsiriX MD Web Portal transmits credential information unencrypted, potentially allowing credential theft.

Impact

Exploitation of this vulnerability causes memory corruption, resulting in a denial-of-service condition.

Remediation

Users are advised to download the latest version of OsiriX MD. For additional support, contact Pixmeo directly.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.7

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.7

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pixmeo OsiriX MD Use-After-Free Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Pixmeo OsiriX MD

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating