CVE-2023-32135

6.5 MEDIUM

📋 TL;DR

A use-after-free vulnerability in Sante DICOM Viewer Pro allows remote attackers to disclose sensitive information when users open malicious DCM files. This affects healthcare organizations and medical professionals using this DICOM viewer software. The vulnerability can potentially lead to arbitrary code execution when combined with other exploits.

💻 Affected Systems

Products:
  • Sante DICOM Viewer Pro
Versions: Specific versions are not publicly disclosed in the references, but all versions prior to the patched version are likely affected
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default DCM file parsing functionality. Requires user interaction to open malicious file.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via arbitrary code execution leading to data theft, ransomware deployment, or lateral movement within healthcare networks.

🟠

Likely Case

Information disclosure of sensitive medical data and system memory contents, potentially enabling further attacks.

🟢

If Mitigated

Limited impact with proper network segmentation, application whitelisting, and user training preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). ZDI advisory suggests this could be chained with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references, check vendor advisory

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Check Sante DICOM Viewer Pro vendor website for security updates
2. Download and install latest patched version
3. Restart application and system as required

🔧 Temporary Workarounds

Disable DCM file association (Platform: Windows)

Prevent automatic opening of DCM files with the vulnerable viewer.

Control Panel > Default Programs > Associate a file type or protocol with a program > Change the .dcm association to a different application

Application control policy (Platform: Windows)

Restrict execution of Sante DICOM Viewer Pro to trusted locations only.

🧯 If You Can't Patch

  • Implement strict email filtering to block DCM attachments
  • Train users to never open DCM files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Sante DICOM Viewer Pro version against vendor's patched version list

Check Version:

Open Sante DICOM Viewer Pro > Help > About to view version information

Verify Fix Applied:

Verify installation of the latest version from the vendor and test with known safe DCM files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening DCM files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Downloads of DCM files from untrusted sources
  • Outbound connections after DCM file processing

SIEM Query:

Process: 'SanteDICOMViewer.exe' AND (EventID: 1000 OR EventID: 1001) AND FileExtension: '.dcm'
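As an added example (not code from the advisory or the vendor), a PowerShell script for a single Windows host that covers the "How to Verify" and "Detection & Monitoring" sections: it reads the installed product version from the Uninstall registry keys, reports the current .dcm file association used by the workaround above, and runs the SIEM query above against the local Application log. The process name 'SanteDICOMViewer.exe' is taken from the page's SIEM query and is an assumption to confirm against the installed binary; the Uninstall DisplayName pattern is likewise an assumption.

```powershell
# Added example (not from the advisory or the vendor).
# ASSUMPTION: the executable name comes from the page's SIEM query; confirm it against
# the installed binary before trusting a match.
$ProcessName = 'SanteDICOMViewer.exe'

# "How to Verify": find the installed product and version from the Uninstall registry keys.
function Get-DicomViewerInstall {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Sante*DICOM*' } |   # assumed name pattern
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

# Workaround check: which ProgId handles .dcm machine-wide, and whether the user
# has an Explorer override (the override wins when both exist).
function Get-DcmAssociation {
    $machine = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.dcm' `
        -ErrorAction SilentlyContinue).'(default)'
    $userKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcm\UserChoice'
    $user = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).ProgId
    [pscustomobject]@{ MachineProgId = $machine; UserProgId = $user }
}

# "Detection & Monitoring": the page's SIEM query run against the local Application log.
# Event 1000 is Application Error (faulting application/module), 1001 is Windows Error
# Reporting; both carry the process name in the message body.
function Get-DicomViewerCrashEvents {
    param([int]$Days = 7)
    $filter = @{ LogName = 'Application'; Id = 1000, 1001; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ProcessName) } |
        ForEach-Object {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                EventId     = $_.Id
                # A crash whose report mentions a .dcm path is the indicator the page lists.
                MentionsDcm = [bool]($_.Message -match '\.dcm')
                Summary     = ($_.Message -split "`r?`n")[0]
            }
        }
}

Get-DicomViewerInstall | Format-Table -AutoSize
Get-DcmAssociation
Get-DicomViewerCrashEvents -Days 30 | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the Application log and HKLM keys are readable; an empty crash list does not prove the host is unaffected, only that no crash was recorded in the window queried.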

🔗 References