EUVD-2026-20916
GHSA-6cmv-pvcc-pf5h
Lifecycle Timeline
2
EUVD ID Assigned
Apr 09, 2026 - 15:00 euvd
EUVD-2026-20916
CVE Published
Apr 09, 2026 - 14:44 nvd
N/A
Description
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
Analysis
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
0
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).