This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Affected Software | Affected Version | How to fix |
---|---|---|
Sante DICOM Viewer Pro |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of ZDI-22-256 is critical due to the potential for remote code execution.
To fix ZDI-22-256, update Sante DICOM Viewer Pro to the latest version provided by the vendor.
Users of Sante DICOM Viewer Pro are affected by the ZDI-22-256 vulnerability.
ZDI-22-256 is a remote code execution vulnerability that requires user interaction to exploit.
The risks associated with ZDI-22-256 include unauthorized execution of malicious code and potential data compromise.