← Back

CVE-2026-5437

nvd nist
Published: Apr 9, 2026Modified: Apr 15, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Affected (1)

Orthanc Server
1 product
Orthanc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Orthanc
Before 1.12.11

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (3)

Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: cret@cert.org
Not Applicable
Source: cret@cert.org
Product

Timeline

No history available yet.