← Back

CVE-2026-5443

nvd nist
Published: Apr 9, 2026Modified: Apr 14, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.

Affected (1)

Orthanc Server
1 product
Orthanc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Orthanc
Before 1.12.11

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: cret@cert.org
Not Applicable
Source: cret@cert.org
Product

Timeline

No history available yet.