← Back

CVE-2026-5442

nvd nist
Published: Apr 9, 2026Modified: Apr 14, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.

Affected (1)

Orthanc Server
1 product
Orthanc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Orthanc
Before 1.12.11

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: cret@cert.org
Not Applicable
Source: cret@cert.org
Product

Timeline

No history available yet.