CVE-2022-24064

Name of the Vulnerable Software and Affected Versions Sante DICOM Viewer Pro version 11.8.8.0

Description This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of J2K images, where crafted data in a J2K file can trigger a write past the end of an allocated buffer, allowing an attacker to execute code in the context of the current process.

Recommendations For Sante DICOM Viewer Pro version 11.8.8.0, as a temporary workaround, consider disabling the parsing of J2K images until a patch is available. Restrict access to J2K files to minimize the risk of exploitation. Avoid using Sante DICOM Viewer Pro to open files from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.