Buffer Overflow Vulnerability in Sante DICOM Viewer Pro by Sante
CVE-2022-24060

3.3LOW

Key Information:

Vendor: Sante
Status: Dicom Viewer Pro
Vendor: CVE Published:; 18 February 2022

What is CVE-2022-24060?

This vulnerability permits remote attackers to access sensitive information on installations of Sante DICOM Viewer Pro 11.8.7.0. Successful exploitation requires the victim to visit a malicious webpage or open a compromised file. The underlying issue resides in the DCM file parsing, where malformed input can lead to a read operation beyond the allocated buffer limits. Attackers may combine this vulnerability with other exploits to execute arbitrary code within the affected program's environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DICOM Viewer Pro 11.8.7.0

References

https://www.zerodayinitiative.com/advisories/ZDI-22-252/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Jan 27, 2022

Credit

Mat Powell of Trend Micro Zero Day Initiative

JSON

Sante