An out-of-bounds read occurs in the DecodePsmctRle1 function used by Orthanc to decompress Philips PMSCT_RLE1 DICOM files. The decompression routine fails to validate escape markers near the end of the compressed stream. When a maliciously crafted sequence is placed at the end of the buffer, the decoder reads beyond the allocated memory, leaking heap data into the rendered image output. The result is an unintended disclosure of sensitive memory contents, potentially exposing confidential information to an attacker. This vulnerability does not provide direct execution of code but allows information compromise.

The flaw resides in the Orthanc DICOM Server. Any deployment that includes the affected DicomImageDecoder implementation and processes PMSCT_RLE1 compressed data is potentially exposed. Vendor supplied version information is not provided, so all current releases that have not been patched may be at risk until an update is released.

No EPSS score and the issue is not listed in the KEV catalog, indicating no public exploit at this time. The CVSS rating is not given, but the lack of RCE and requirement of a crafted DICOM file suggest a medium severity. An attacker would need to supply a malicious DICOM file using the Philips compression format; the server would be required to parse it, after which memory contents could leak. The potential impact is limited to confidentiality leakage rather than denial of service or privilege escalation. The overall risk is moderate for environments that accept untrusted DICOM files, especially those handling sensitive patient data.