Skip to main content

Dicom Server CVE-2026-5441

| EUVDEUVD-2026-20918 HIGH
Out-of-bounds Read (CWE-125)
2026-04-09 certcc GHSA-5jvx-5q86-rxx3
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 14, 2026 - 17:23 vuln.today
CVSS changed
Apr 14, 2026 - 17:22 NVD
7.1 (HIGH)
EUVD ID Assigned
Apr 09, 2026 - 15:00 euvd
EUVD-2026-20918
CVE Published
Apr 09, 2026 - 14:42 nvd
N/A

DescriptionCVE.org

An out-of-bounds read vulnerability exists in the DecodePsmctRle1 function of DicomImageDecoder.cpp. The PMSCT_RLE1 decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.

AnalysisAI

Out-of-bounds read in Orthanc DICOM Server's Philips PMSCT_RLE1 decompression allows local attackers to leak heap memory into rendered medical images via maliciously crafted DICOM files. Affects versions ≤1.12.10. Requires user interaction (opening crafted file). EPSS 0.02% (4th percentile) indicates minimal real-world exploitation likelihood. No active exploitation or public POC identified at time of analysis. CERT/CC reported (VU#536588).

Technical ContextAI

The vulnerability resides in the PMSCT_RLE1 decompression implementation within DicomImageDecoder.cpp, part of Orthanc DICOM Server (cpe:2.3:a:orthanc:dicom_server). PMSCT_RLE1 is Philips' proprietary run-length encoding compression format used in medical imaging. The decoder processes escape markers to control decompression state, but fails to validate marker positions relative to buffer boundaries when they appear near the end of compressed data streams. This classic out-of-bounds read occurs during heap-allocated buffer access, causing the decoder to read beyond allocated memory regions. The leaked out-of-bounds data is directly incorporated into the decompressed image output, making heap contents visible in rendered pixel data. As a buffer overflow variant, this represents improper input validation at the decompression layer where compressed data length assumptions fail to account for malformed marker sequences. DICOM (Digital Imaging and Communications in Medicine) servers like Orthanc are critical infrastructure in healthcare environments, processing patient imaging data.

RemediationAI

No vendor-released patch identified at time of analysis; upstream fix availability not confirmed from available data. Monitor Orthanc project releases at https://www.orthanc-server.com/ for security updates addressing CVE-2026-5441. Until patches are available, implement defense-in-depth measures: restrict DICOM file sources to trusted origins, deploy file integrity validation, sandbox DICOM processing in isolated environments with minimal privileges, disable Philips PMSCT_RLE1 codec support if not operationally required, and implement network segmentation to limit local access vectors. Review CERT/CC advisory VU#536588 at https://kb.cert.org/vuls/id/536588 for additional technical guidance. Organizations should audit DICOM workflow processes to identify where untrusted files might enter the imaging pipeline and enforce strict input validation policies.

Share

CVE-2026-5441 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy