CVE-2022-24062 in DICOM Viewer Proinfo

Summary

by MITRE • 02/18/2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15104.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Zero Day Initiative

Reservation

01/27/2022

Disclosure

02/18/2022

Moderation

accepted

Entry

VDB-193431

CPE

ready

CWE

CWE-416 (confirmed)

CVSS

7.8 (CNA)

EPSS

0.01731

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-24062
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-24062
CVE Details	https://www.cvedetails.com/cve/CVE-2022-24062/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!