CVE-2022-24062

7.8 HIGH

📋 TL;DR

CVE-2022-24062 is a use-after-free vulnerability in Sante DICOM Viewer Pro's JP2 file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JP2 files or visiting malicious web pages. This affects users of Sante DICOM Viewer Pro 13.2.0.21165 who process medical imaging files.

💻 Affected Systems

Products:
  • Sante DICOM Viewer Pro
Versions: 13.2.0.21165
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects healthcare environments using DICOM medical imaging software. Requires user interaction to open malicious JP2 files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or malware installation on the affected workstation, potentially compromising patient medical data and DICOM files.

🟢 If Mitigated

Application crash or denial of service if the exploit fails, with potential data corruption of medical imaging files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once a malicious file is opened. ZDI-CAN-15104 tracking suggests active research interest.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest patched version

Vendor Advisory: https://www.santesoft.com/

Restart Required: Yes

Instructions:

1. Contact Santesoft for the patched version
2. Download and install the update
3. Restart the system
4. Verify the installation

🔧 Temporary Workarounds

Disable JP2 file association

Platform: Windows

Remove the JP2 file type association with Sante DICOM Viewer to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .jp2 association

Application whitelisting

Platform: Windows

Restrict execution of Sante DICOM Viewer to trusted directories only

🧯 If You Can't Patch

  • Implement strict email/web filtering to block JP2 files from untrusted sources
  • User training on not opening medical imaging files from unknown sources

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Sante DICOM Viewer for version 13.2.0.21165

Check Version:

Not available via the command line; check through the application GUI.

Verify Fix Applied:

Verify installed version is newer than 13.2.0.21165 and test with known safe JP2 files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening JP2 files
  • Unexpected child processes spawned from SanteDicomViewer.exe

Network Indicators:

  • Outbound connections from SanteDicomViewer.exe to unknown IPs
  • Unexpected DNS queries

SIEM Query:

Process Creation where ParentImage contains 'SanteDicomViewer.exe' AND CommandLine contains unusual parameters
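The SIEM query above is pseudocode. As an added example (not from this advisory and not the vendor's own tooling), the following Python script applies the same logic to process-creation records in a Sysmon Event ID 1 style: it keeps only events whose parent is SanteDicomViewer.exe, ignores the one child the viewer is expected to spawn (WerFault.exe after a crash, itself a separate log indicator listed above), and rates the rest by whether the child is a command or script interpreter and whether its command line contains fragments a DICOM viewer would never pass. The field names (`Image`, `ParentImage`, `CommandLine`, `ProcessId`), the allowlist, the LOLBin set and the command-line fragments are assumptions to tune for your environment; the sample records are constructed.

```python
"""Hunt for unexpected child processes of SanteDicomViewer.exe in process-creation logs."""
import json
from typing import Optional

# Process names are compared case-insensitively by file name only.
VIEWER_IMAGE = "santedicomviewer.exe"

# Assumed benign child: the Windows error reporter that runs after a crash.
# (Crashes when opening JP2 files are a separate indicator of the same bug.)
EXPECTED_CHILDREN = {"werfault.exe"}

# Assumed set of interpreters and LOLBins an image viewer has no reason to launch.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Assumed command-line fragments that are unusual for anything a DICOM viewer spawns.
UNUSUAL_ARGS = ("-enc", "-encodedcommand", "downloadstring", "invoke-webrequest",
                "bypass", "http://", "https://", "/c ")


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess_event(event: dict) -> Optional[dict]:
    """Return a finding for one process-creation record, or None if nothing is unusual."""
    if image_name(event.get("ParentImage", "")) != VIEWER_IMAGE:
        return None
    child = image_name(event.get("Image", ""))
    if child in EXPECTED_CHILDREN:
        return None
    cmdline = event.get("CommandLine", "").lower()
    reasons = [f"unexpected child process {child}"]
    severity = "medium"
    if child in HIGH_RISK_CHILDREN:
        reasons.append("child is a command/script interpreter or LOLBin")
        severity = "high"
    hits = [frag for frag in UNUSUAL_ARGS if frag in cmdline]
    if hits:
        reasons.append("unusual command-line content: " + ", ".join(hits))
        severity = "high"
    return {"ProcessId": event.get("ProcessId"), "Image": child,
            "severity": severity, "reasons": reasons}


def hunt(jsonl_text: str) -> list:
    """Run assess_event over newline-delimited JSON records, skipping malformed lines."""
    findings = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a SIEM export may contain headers or truncated lines
        finding = assess_event(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_LOG = r"""
{"ProcessId": 4101, "Image": "C:\\Program Files\\Sante DICOM Viewer Pro\\SanteDicomViewer.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "\"SanteDicomViewer.exe\" C:\\Users\\rad\\Downloads\\study.jp2"}
{"ProcessId": 4102, "Image": "C:\\Windows\\System32\\WerFault.exe", "ParentImage": "C:\\Program Files\\Sante DICOM Viewer Pro\\SanteDicomViewer.exe", "CommandLine": "WerFault.exe -u -p 4101 -s 512"}
{"ProcessId": 4103, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Sante DICOM Viewer Pro\\SanteDicomViewer.exe", "CommandLine": "powershell.exe -nop -w hidden -enc QUJD"}
{"ProcessId": 4104, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Program Files\\Sante DICOM Viewer Pro\\SanteDicomViewer.exe", "CommandLine": "notepad.exe report.txt"}
not json at all
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f["severity"], f["ProcessId"], f["Image"], "; ".join(f["reasons"]))
```

On the sample log the viewer's own launch by explorer.exe and the WerFault.exe crash handler produce no finding; the PowerShell child with an encoded command is rated high and the notepad.exe child medium, so analysts see every unexpected child but can triage the interpreters first. Extend `EXPECTED_CHILDREN` only with processes you have observed the viewer launch during normal use.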

🔗 References
