CVE-2025-2581

EPSS 0.22%
Veröffentlicht 21.03.2025 05:00:22
Zuletzt bearbeitet 27.03.2025 13:24:49
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmedcon Project ≫ Xmedcon Version0.25.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.446

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://vuldb.com/?id.300541

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.300541

VDB Entry

Permissions Required

https://vuldb.com/?submit.522216

Third Party Advisory

VDB Entry

https://xmedcon.sourceforge.io/Main/New

VDB Entry

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-2581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2581

EUVD