CVE-2022-24058

7.8 HIGH

📋 TL;DR

CVE-2022-24058 is a buffer overflow vulnerability in Sante DICOM Viewer Pro that allows remote code execution when a user opens a malicious J2K image file. Attackers can exploit this to run arbitrary code with the same privileges as the current user. This affects users of Sante DICOM Viewer Pro 11.8.7.0 who open untrusted J2K files.

💻 Affected Systems

Products:
  • Sante DICOM Viewer Pro
Versions: 11.8.7.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Pro version of Sante DICOM Viewer. Requires J2K file parsing functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Malware installation or data exfiltration when users open malicious J2K files from untrusted sources.

🟢 If Mitigated: Limited impact if proper application sandboxing and user privilege restrictions are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via web downloads or email attachments.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious J2K file is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.8.8.0 or later

Vendor Advisory: https://www.santesoft.com/security-advisories

Restart Required: Yes

Instructions:

1. Download the latest version from the SanteSoft website.
2. Run the installer.
3. Restart the system.
4. Verify the version is 11.8.8.0 or higher.

🔧 Temporary Workarounds

Disable J2K file association (Windows)

Remove the J2K file type association with Sante DICOM Viewer to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .j2k association

Application sandboxing (Windows)

Run Sante DICOM Viewer in a restricted environment.

🧯 If You Can't Patch

  • Restrict user privileges to standard user accounts (not administrator)
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Sante DICOM Viewer for version 11.8.7.0

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 11.8.8.0 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening J2K files
  • Unusual process creation from SanteDICOMViewer.exe

Network Indicators:

  • Downloads of J2K files from untrusted sources
  • Outbound connections after J2K file opening

SIEM Query:

process_name:"SanteDICOMViewer.exe" AND (event_id:1000 OR parent_process:*powershell* OR parent_process:*cmd*)
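The two log indicators above (an Application Error for the viewer and the viewer spawning a command interpreter) can be checked outside a SIEM as well. The following is an added example, not part of the original advisory: it runs the same logic over constructed JSON event lines whose field names (event_id, process_name, parent_process, host) are assumptions, not a specific SIEM's schema.

```python
"""Flag the CVE-2022-24058 log indicators in simplified JSON event records.

Added example; the event lines below are constructed samples and the field
names are assumptions rather than any particular SIEM's schema.
"""
import json
from typing import List, Optional, Tuple

VIEWER = "santedicomviewer.exe"
SHELLS = ("powershell.exe", "cmd.exe")

# Constructed sample events: one viewer crash, one shell spawned by the
# viewer, one benign viewer launch and one unrelated process start.
SAMPLE_EVENTS = [
    '{"event_id": 1000, "process_name": "SanteDICOMViewer.exe", "host": "ws01"}',
    '{"event_id": 1, "process_name": "powershell.exe", "parent_process": "SanteDICOMViewer.exe", "host": "ws01"}',
    '{"event_id": 1, "process_name": "SanteDICOMViewer.exe", "parent_process": "explorer.exe", "host": "ws02"}',
    '{"event_id": 1, "process_name": "cmd.exe", "parent_process": "explorer.exe", "host": "ws02"}',
]


def classify(event: dict) -> Optional[str]:
    """Return the matching indicator name for one event, or None."""
    name = event.get("process_name", "").lower()
    parent = event.get("parent_process", "").lower()
    # Indicator 1: Windows Application Error (Event ID 1000) raised by the
    # viewer, consistent with a crash while parsing a malformed J2K file.
    if event.get("event_id") == 1000 and name == VIEWER:
        return "viewer_crash"
    # Indicator 2: the viewer spawning cmd.exe or powershell.exe, which a
    # DICOM viewer has no legitimate reason to do.
    if parent == VIEWER and name in SHELLS:
        return "viewer_spawned_shell"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Parse JSON event lines and return (indicator, host) for every hit."""
    hits = []
    for line in lines:
        event = json.loads(line)
        indicator = classify(event)
        if indicator:
            hits.append((indicator, event.get("host", "")))
    return hits


if __name__ == "__main__":
    for indicator, host in scan(SAMPLE_EVENTS):
        print(f"{host}: {indicator}")
```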
