First published: Fri Feb 18 2022(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15095.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sante DICOM Viewer Pro | ||
Santesoft Dicom Viewer Pro | =11.8.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2022-24058.
The severity level of CVE-2022-24058 is critical with a score of 7.8.
The vulnerability CVE-2022-24058 allows remote attackers to execute arbitrary code by exploiting an out-of-bounds write during J2K file parsing.
The Sante DICOM Viewer Pro version 11.8.7.0 is affected by CVE-2022-24058.
The vulnerability CVE-2022-24058 can be exploited by tricking the victim into visiting a malicious page or opening a malicious file.