Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
AnalysisAI
Out-of-bounds read in Orthanc DICOM Server's DicomStreamReader allows remote unauthenticated attackers to trigger denial-of-service conditions via malformed DICOM meta-header structures. CVSS 7.5 (High) with network attack vector and low complexity, requiring no privileges or user interaction. EPSS score of 0.01% (3rd percentile) indicates minimal observed exploitation activity. No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though CERT/CC coordination (VU#536588) suggests coordinated disclosure process.
Technical ContextAI
This vulnerability affects the DicomStreamReader component in Orthanc DICOM Server, an open-source medical imaging server implementing the DICOM (Digital Imaging and Communications in Medicine) standard. DICOM files contain complex metadata headers that describe medical imaging data. The parser processes these headers by reading metadata structures into allocated buffers. The out-of-bounds read occurs when the parser encounters malformed or crafted metadata structures that cause it to read beyond the bounds of the metadata buffer. While classified under Buffer Overflow tags, this is specifically a read operation vulnerability (not a write overflow), meaning attackers cannot inject code but can trigger abnormal program behavior. The vulnerability exists in the meta-header parsing phase, which occurs early in DICOM file processing before image data validation. CPE indicates the core Orthanc DICOM Server application is affected, though specific vulnerable version ranges are not provided in available data.
RemediationAI
Organizations running Orthanc DICOM Server should immediately consult CERT/CC Vulnerability Note VU#536588 at https://kb.cert.org/vuls/id/536588 for official vendor guidance and patched version information, as specific fix versions are not included in available CVE data. Monitor the official Orthanc security advisories at https://www.orthanc-server.com/ for patch releases addressing CVE-2026-5437. Until patches are applied, consider implementing network-level mitigations such as restricting DICOM endpoint access to trusted medical imaging devices and networks only, deploying web application firewalls or intrusion detection systems configured to detect malformed DICOM headers, and enabling enhanced logging on DICOM receivers to identify potential exploitation attempts. Given the lack of data exfiltration risk, prioritize patching based on exposure: internet-facing DICOM servers warrant immediate attention, while air-gapped or VLAN-isolated systems present lower risk profiles. Review DICOM file ingestion workflows to ensure only trusted imaging sources can submit studies to the Orthanc server.
More in Dicom Server
View allHeap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows unauthenticated remote code execution via malfor
Heap buffer overflow in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to achieve arbitrary code
Out-of-bounds heap read in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to extract heap memory
Memory exhaustion in Orthanc DICOM Server versions up to 1.12.10 allows remote unauthenticated attackers to crash the se
Memory exhaustion in Orthanc DICOM Server versions ≤1.12.10 allows remote attackers to trigger denial of service by uplo
Memory exhaustion in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to trigger denial-of-service
Heap buffer overflow in Orthanc DICOM Server (versions ≤1.12.10) allows local attackers to corrupt data or crash the ser
Out-of-bounds read in Orthanc DICOM Server's Philips PMSCT_RLE1 decompression allows local attackers to leak heap memory
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20913
GHSA-gqwr-8hwp-hh46