CVE-2025-36521

HIGH Year: 2025
CVSS v3 Score
8.8
High
Weakness Type
CWE-125
View all →

Vulnerability Description

MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open a malicious DCM file for exploitation.

Related Vulnerabilities

CVE-2014-1497

HIGH
CVSS:8.8(High)

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sen...

CWE-1252014

CVE-2015-9381

HIGH
CVSS:8.8(High)

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

CWE-1252015

CVE-2016-10403

HIGH
CVSS:8.8(High)

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

CWE-1252016

CVE-2016-1646

HIGH
CVSS:8.8(High)

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to ca...

CWE-1252016

CVE-2016-3621

HIGH
CVSS:8.8(High)

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a c...

CWE-1252016

CVE-2016-5198

HIGH
CVSS:8.8(High)

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to ...

CWE-1252016