← Back

CVE-2026-5445

nvd nist
Published: Apr 9, 2026Modified: Apr 14, 2026

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

Affected (1)

Orthanc Server
1 product
Orthanc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Orthanc
Before 1.12.11

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (3)

Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: cret@cert.org
Not Applicable
Source: cret@cert.org
Product

Timeline

No history available yet.