Arbitrary Code Execution Vulnerability in Sante DICOM Viewer Pro by Sante
CVE-2022-24058

7.8HIGH

Key Information:

Vendor: Sante
Status: Dicom Viewer Pro
Vendor: CVE Published:; 18 February 2022

What is CVE-2022-24058?

This vulnerability in Sante DICOM Viewer Pro 11.8.7.0 enables remote attackers to execute arbitrary code by exploiting a flaw in the handling of J2K files. To successfully carry out an attack, the user must visit a malicious web page or open a compromised J2K file. The issue stems from improper parsing, which can lead to a buffer overflow condition. By leveraging this vulnerability, attackers can execute code within the context of the affected application, potentially compromising user data and system integrity.

Affected Version(s)

DICOM Viewer Pro 11.8.7.0

References

https://www.zerodayinitiative.com/advisories/ZDI-22-250/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Jan 27, 2022

Credit

Tran Van Khang - khangkito (VinCSS)