CVE-2025-2581

A vulnerability classified as problematic has been found in xmedcon 0.25.0. It affects the function malloc of the DICOM File Handler component. The manipulation leads to an integer underflow. The attack can be launched remotely. Upgrading the affected component to version 0.25.1 addresses this issue and is recommended.
Wrap or Wraparound
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| VulDB | CNA | 4.3 MEDIUM | | | | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| CISA-ADP | ADP | --- | | | | --- |
EPSS Score percentile: 33%
Vulnerable software versions:

| Vendor | Product | Version |
|---|---|---|
| xmedcon_project | xmedcon | 0.25.0 |
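Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| xmedcon | bullseye | | postponed |
| xmedcon | bookworm | 0.23.0-gtk3+dfsg-1+deb12u2 | fixed |
| xmedcon | sid | 0.25.1-gtk3+dfsg-1 | fixed |
| xmedcon | trixie | 0.25.1-gtk3+dfsg-1 | fixed |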