JVNDB-2024-000034

SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries

Overview

SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated with them. After the coordination was completed, Taihei Shimamine reported the case to JPCERT/CC to notify users of the solution through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Fujidenolo Solutions Co., Ltd.
  • SonicDICOM Media Viewer versions 2.3.2 and earlier

Impact

Arbitrary code may be executed with the privileges of the running application.

Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

Vendor Information

Fujidenolo Solutions Co., Ltd.

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2024-29734

References

  1. JVN : JVN#40367518
  2. JVN : JVNTA#91240916

Revision History

  • [2024/03/27]
      Web page was published