Description
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. To fix this issue, it is recommended to deploy a patch.
Published: 2026-06-02
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the Orthanc DICOM Server (version 1.12.11 or earlier) within the DCMTK Parser component. The flaw resides in the DcmItem::read method of FromDcmtkBridge.cpp, enabling an attacker who can control the input data to overflow a stack buffer. The result can be arbitrary code execution on the server, as the vulnerability is triggered by passing a specially crafted DICOM file. The flaw is classified under CWE‑119 and CWE‑121, indicating a buffer overflow and stack-based buffer overflow weakness.

Affected Systems

Orthanc DICOM Server up to version 1.12.11. The vulnerability affects all platforms where the affected build is deployed, as it relies on the processing of DICOM data files by the DCMTK Parser. No specific operating system is limited; any local user able to submit a DICOM file to the server is able to exercise the flaw.

Risk and Exploitability

The CVSS score of 4.8 reflects moderate severity, and no EPSS score is available. The vulnerability is listed as not being in the CISA KEV catalog. Attacking locally is required, but a public exploit has been released, indicating that an attacker with local access to the service can insert malicious DICOM data. Because the flaw leads to a stack overflow, an exploitation attempt has a high likelihood of succeeding for a malicious local attacker, potentially resulting in local code execution.

Generated by OpenCVE AI on June 2, 2026 at 01:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the patch identified by commit bae99026ca97 or upgrade Orthanc to a version later than 1.12.11.
  • If the patch cannot be applied immediately, disable the DCMTK Parser or configure Orthanc to reject DICOM files that fail validation to prevent the overflow from occurring.
  • Restrict local access to the Orthanc service so only trusted users can submit DICOM files, and monitor import logs for anomalous activity.

Generated by OpenCVE AI on June 2, 2026 at 01:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. To fix this issue, it is recommended to deploy a patch.
Title Orthanc DICOM Server DCMTK FromDcmtkBridge.cpp read stack-based overflow
First Time appeared Orthanc
Orthanc dicom Server
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:orthanc:dicom_server:*:*:*:*:*:*:*:*
Vendors & Products Orthanc
Orthanc dicom Server
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Orthanc Dicom Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-02T12:23:36.816Z

Reserved: 2026-06-01T10:22:24.098Z

Link: CVE-2026-10528

cve-icon Vulnrichment

Updated: 2026-06-02T12:23:32.244Z

cve-icon NVD

Status : Deferred

Published: 2026-06-02T00:16:36.990

Modified: 2026-06-02T13:03:31.153

Link: CVE-2026-10528

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T02:00:13Z

Weaknesses