7.8
Sante DICOM Viewer Pro Malicious File Can Run Code on Your System
CVE-2026-2034
Summary
A security weakness in Sante DICOM Viewer Pro can let an attacker execute code on your system if you open a malicious file. This can happen if you visit a fake website or open a file from an untrusted source. To protect yourself, make sure to only open files from trusted sources and be cautious when visiting unfamiliar websites.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| santesoft | dicom_viewer_pro | <= 14.2.7 | – |
Original title
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante ...
Original description
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28129.
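The class of check this description says is missing, shown as an added example; it is not code from Sante DICOM Viewer Pro or from the advisory, which does not publish the affected routine or name the field involved. It assumes a DICOM Explicit VR Little Endian data element with a 16-bit length field; the function name and both sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: tag (0010,0010), VR "PN", declared length 4, value "DOE^". */
static const uint8_t sample_ok[] =
    {0x10, 0x00, 0x10, 0x00, 'P', 'N', 0x04, 0x00, 'D', 'O', 'E', '^'};
/* Constructed sample: same element, but the declared length is 0x0400 (1024)
 * while only 4 value bytes are actually present. */
static const uint8_t sample_bad[] =
    {0x10, 0x00, 0x10, 0x00, 'P', 'N', 0x00, 0x04, 'D', 'O', 'E', '^'};

#define ELEM_HDR 8 /* group(2) + element(2) + VR(2) + 16-bit length(2) */

/* Hypothetical helper: copies one element's value into dst as a
 * NUL-terminated string. Returns the value length, or -1 when the
 * length declared in the file cannot be trusted. */
int copy_element_value(const uint8_t *in, size_t in_len,
                       char *dst, size_t dst_cap)
{
    if (in == NULL || dst == NULL || dst_cap == 0 || in_len < ELEM_HDR)
        return -1;

    /* The length comes from the file, so treat it as untrusted input. */
    size_t declared = (size_t)in[6] | ((size_t)in[7] << 8);

    if (declared > in_len - ELEM_HDR) /* copy would read past the input */
        return -1;
    if (declared >= dst_cap)          /* copy would write past dst (NUL included) */
        return -1;

    memcpy(dst, in + ELEM_HDR, declared);
    dst[declared] = '\0';
    return (int)declared;
}
```

Both comparisons are needed: the first bounds the read against the bytes actually available, the second bounds the write against the destination, which is the CWE-120 condition.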
nvd CVSS3.0
7.8
Vulnerability type
CWE-120
Classic Buffer Overflow
- https://www.zerodayinitiative.com/advisories/ZDI-26-104/ Third Party Advisory
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026