13 matches found
CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...
CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...
DEBIAN-CVE-2026-5443
A heap buffer overflow vulnerability exists during the decoding of PALETTE COLOR DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memor...
UBUNTU-CVE-2026-5443
A heap buffer overflow vulnerability exists during the decoding of PALETTE COLOR DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memor...
[SECURITY] [DSA 6043-1] gimp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6043-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2025 https://www.debian.org/security/faq -...
Debian dsa-6043 : gimp - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6043 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6043-1 [email protected] https://www.debian.org/securit...
EUVD-2023-37422
Malicious code in bioql PyPI...
CVE-2023-33255
An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...
CVE-2023-33255
An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...
CVE-2023-33255
An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is...
Siemens Syngo FastView 缓冲区错误漏洞
Siemens Syngo FastView is a standalone viewer of Dicom 2 images available on Dicom exchange media from Siemens, Germany. An out-of-bounds write vulnerability exists in Siemens Syngo FastView, which stems from a lack of proper validation of user-supplied data when parsing BMP files. An attacker...
CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Private key disclosure, Osirix lite, 64bit and FDA cleader version CVE-2013-4425 version 1.09 CVSS Score: 8.4 Background: =========== OsiriX is an image processing software dedicated to DICOM images files with a ".dcm" / ".DCM" extension produced by...
XNView buffer overflow
Integer overflow on DICOM images parsing leading to buffer overflow...