Skip to main content

Dicom Server CVE-2026-5444

| EUVDEUVD-2026-20924 HIGH
Out-of-bounds Write (CWE-787)
2026-04-09 certcc
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 14, 2026 - 17:24 vuln.today
CVSS changed
Apr 14, 2026 - 17:22 NVD
7.1 (HIGH)
EUVD ID Assigned
Apr 09, 2026 - 15:00 euvd
EUVD-2026-20924
CVE Published
Apr 09, 2026 - 14:42 nvd
N/A

DescriptionCVE.org

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.

AnalysisAI

Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows local attackers to corrupt data or crash the service via maliciously crafted PAM images embedded in DICOM files. The vulnerability stems from integer overflow during buffer size calculation when multiplying image dimensions with 32-bit arithmetic, leading to undersized heap allocation followed by oversized writes during pixel processing. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability; no public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

Orthanc is an open-source DICOM server used in medical imaging workflows to receive, store, and distribute medical images. This vulnerability affects the server's PAM (Portable Arbitrary Map) image parsing component, which handles pixel data extraction from DICOM encapsulated images. The flaw occurs when the parser calculates heap buffer size using 32-bit unsigned integer multiplication of user-controlled image dimensions (width × height × channels). An attacker can craft dimensions that appear valid individually but overflow during multiplication (e.g., width=65536, height=65536 overflows to a small value in 32-bit space), causing malloc() to allocate insufficient memory. Subsequent pixel processing writes the full expected data size into this undersized buffer, corrupting adjacent heap metadata or application data. This is a classic CWE-190 (Integer Overflow) leading to CWE-122 (Heap-based Buffer Overflow) exploitation pattern common in image parsers that lack proper overflow checks before allocation.

RemediationAI

Upgrade Orthanc DICOM Server to version 1.12.11 or later, which should contain fixes for the integer overflow in PAM parsing logic (confirm fixed version through vendor advisory at https://www.orthanc-server.com/ or CERT/CC coordination at https://kb.cert.org/vuls/id/536588). As an interim workaround, restrict DICOM file sources to trusted medical imaging devices only and implement file validation at ingestion points to reject files with suspicious PAM headers or extreme dimension values. Configure Orthanc with minimal privileges and deploy address space layout randomization (ASLR) and stack canaries to increase exploitation difficulty. Monitor logs for crashes during image processing as potential indicators of exploitation attempts.

Share

CVE-2026-5444 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy