CVE-2022-24064

7.8 HIGH

📋 TL;DR

CVE-2022-24064 is a buffer overflow vulnerability in Sante DICOM Viewer Pro that allows remote code execution when parsing malicious J2K image files. Attackers can exploit this by tricking users into opening specially crafted files or visiting malicious websites. This affects users of Sante DICOM Viewer Pro 11.8.8.0 who process medical imaging files.

💻 Affected Systems

Products:
  • Sante DICOM Viewer Pro
Versions: 11.8.8.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the J2K image parsing component. All installations of the affected version are vulnerable by default when processing J2K files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Attacker executes arbitrary code in the context of the current user, potentially stealing sensitive medical data, installing malware, or using the system as a foothold for further attacks.

🟢 If Mitigated

Limited impact with proper segmentation and user privilege restrictions, potentially only affecting the application process without system-wide compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious file or visiting malicious site). The vulnerability is well-documented and buffer overflow exploits are common.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.8.9.0 or later

Vendor Advisory: https://www.santesoft.com/security-advisories/

Restart Required: Yes

Instructions:

1. Download the latest version from the SanteSoft official website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Block J2K file processing (Windows)

Configure the application or system to block or quarantine J2K files from untrusted sources.

Application sandboxing (Windows)

Run Sante DICOM Viewer in a sandboxed environment with restricted permissions.

🧯 If You Can't Patch

  • Implement strict file type filtering at the network perimeter to block J2K files from external sources.
  • Run the application with minimal user privileges and in isolated environments to limit the potential damage.

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Sante DICOM Viewer Pro. If the version is 11.8.8.0, the system is vulnerable.

Check Version:

Not applicable; check via the application's Help > About menu.

Verify Fix Applied:

Verify the version is 11.8.9.0 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing J2K files
  • Unexpected process creation from Sante DICOM Viewer

Network Indicators:

  • Downloads of J2K files from untrusted sources
  • Outbound connections from Sante DICOM Viewer to suspicious IPs

SIEM Query:

(Process:Name='SanteDICOMViewer.exe' AND (EventID=1000 OR EventID=1001)) OR NetworkConnection:ProcessName='SanteDICOMViewer.exe'
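The log indicators and SIEM query above, turned into runnable detection logic as an added example (not taken from the page or the vendor): it flags Application log crash records (Event ID 1000/1001) that name SanteDICOMViewer.exe and Sysmon process-creation records (Event ID 1) whose parent is the viewer. The sample records and the viewer's install path are constructed assumptions.

```python
import re
from dataclasses import dataclass

VIEWER_EXE = "SanteDICOMViewer.exe"  # process name as used in the SIEM query above
CRASH_EVENT_IDS = {1000, 1001}       # Application Error / Windows Error Reporting
SYSMON_PROCESS_CREATE = 1            # Sysmon Event ID 1: Process Create
PARENT_IMAGE_RE = re.compile(r"ParentImage:\s*(.+)")

@dataclass
class Event:
    event_id: int
    message: str  # free-text body of the Windows event record

# Constructed sample records shaped like Application log and Sysmon text;
# the viewer's install path below is an assumption, not vendor documentation.
SAMPLE_EVENTS = [
    Event(1000, "Faulting application name: SanteDICOMViewer.exe, version: 11.8.8.0\n"
                "Exception code: 0xc0000005"),
    Event(1001, "Fault bucket 12345, type 4\nEvent Name: APPCRASH\n"
                "P1: SanteDICOMViewer.exe\nP2: 11.8.8.0"),
    Event(1000, "Faulting application name: notepad.exe, version: 10.0.19041.1\n"
                "Exception code: 0xc0000005"),
    Event(1, "Process Create:\nImage: C:\\Windows\\System32\\cmd.exe\n"
             "ParentImage: C:\\Program Files\\Sante DICOM Viewer Pro\\SanteDICOMViewer.exe"),
    Event(1, "Process Create:\nImage: C:\\Windows\\explorer.exe\n"
             "ParentImage: C:\\Windows\\System32\\userinit.exe"),
]

def is_viewer_crash(ev: Event) -> bool:
    """Crash record (Event ID 1000 or 1001) that names the viewer executable."""
    return ev.event_id in CRASH_EVENT_IDS and VIEWER_EXE.lower() in ev.message.lower()

def is_viewer_child_process(ev: Event) -> bool:
    """Sysmon process creation whose parent image is the viewer executable."""
    if ev.event_id != SYSMON_PROCESS_CREATE:
        return False
    m = PARENT_IMAGE_RE.search(ev.message)
    parent_name = m.group(1).strip().rsplit("\\", 1)[-1] if m else ""  # path basename
    return parent_name.lower() == VIEWER_EXE.lower()

def triage(events) -> list:
    """Return (rule, event_id) pairs for every record matching an indicator."""
    alerts = []
    for ev in events:
        if is_viewer_crash(ev):
            alerts.append(("viewer_crash", ev.event_id))
        elif is_viewer_child_process(ev):
            alerts.append(("viewer_child_process", ev.event_id))
    return alerts
```

Crash records alone are noisy (the viewer may crash on corrupt but benign files); a crash followed by a child process from the same viewer instance is the pairing worth escalating.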
