Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-32133

8.8 HIGH

Key Information:

Vendor

Sante

CVE Published:
3 May 2024

What is CVE-2023-32133?

Sante DICOM Viewer Pro contains an out-of-bounds write caused by improper handling of J2K image files. A maliciously crafted J2K file can make the parser write beyond the limits of an allocated buffer, which a remote attacker can leverage to execute arbitrary code in the context of the application. Exploitation requires user interaction: the target must visit a malicious website or open a malicious file. The flaw highlights the need to validate lengths and offsets taken from untrusted image data before they are used to size or index buffers.

Affected Version(s)

DICOM Viewer Pro 11.8.11.0

References

CVSS v3.1

  • Score: 8.8
  • Severity: HIGH
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved