Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-32133

8.8HIGH

Key Information:

Vendor: Sante
Status: Dicom Viewer Pro
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-32133?

Sante DICOM Viewer Pro is susceptible to a vulnerability that arises from improper handling of J2K image files. Maliciously crafted J2K data can cause the application to write beyond allocated buffer limits, opening the door for remote attackers to execute arbitrary code within the context of the application. For exploitation to succeed, user interaction is necessary, which typically involves visiting a malicious site or opening a compromised file. The flaw highlights the importance of implementing robust validation mechanisms to prevent such exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DICOM Viewer Pro 11.8.11.0

References

https://www.zerodayinitiative.com/advisories/ZDI-23-525/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
May 3, 2023

JSON

Sante

What is CVE-2023-32133?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.