Orthanc Dicom Server
10 CVEs affecting Orthanc Dicom Server. Latest disclosed: 2026-06-02. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-10528 | Low | 3.3 | 2026-06-02 | A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/D… |
| CVE-2026-5439 | | | 2026-04-09 | A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metada… |
| CVE-2026-5437 | | | 2026-04-09 | An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser m… |
| CVE-2026-5438 | | | 2026-04-09 | A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompr… |
| CVE-2026-5440 | | | 2026-04-09 | A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on… |
| CVE-2026-5442 | | | 2026-04-09 | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instea… |
| CVE-2026-5443 | | | 2026-04-09 | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width a… |
| CVE-2026-5445 | | | 2026-04-09 | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETT… |
| CVE-2026-5444 | | | 2026-04-09 | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensio… |
| CVE-2026-5441 | | | 2026-04-09 | An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes… |