Primary

Context

Pixmeo OsiriX MD Local Use-After-Free Vulnerability Allowing Memory Corruption

Vulnerability

Patched

A local use-after-free vulnerability has been identified in Pixmeo OsiriX MD, specifically in versions 14.0.1 (Build 2024-02-28) and prior. This vulnerability allows an attacker to locally import a crafted DICOM file, leading to memory corruption and potentially causing the application to crash.

Impact

Exploitation of this vulnerability could result in memory corruption, causing a denial-of-service condition by crashing the application.

Remediation

Users are advised to download the latest version of OsiriX MD. For additional support, contact Pixmeo directly.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.7

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.7

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pixmeo OsiriX MD Local Use-After-Free Vulnerability Allowing Memory Corruption

Vulnerability

Impact

Remediation

Affected Products

Pixmeo OsiriX MD

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating