Impact
The Orthanc DICOM Server contains a heap buffer overflow in its image decoder. The decoder accepts image dimension fields encoded with the Unsigned Long (UL) value representation where the DICOM standard specifies Unsigned Short (US), so a malicious DICOM file can declare dimensions far outside the 16-bit range the decoder is designed for. Those values overflow the integer used to compute the frame size, and the wrapped result leads to an out-of-bounds memory write during decoding. The CVE description confirms memory corruption, which can crash the server; arbitrary code execution is a plausible consequence of a heap out-of-bounds write with attacker-controlled data, but it is inferred from the bug class, not established by the description.
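The following is an added illustration of the bug class described above, not Orthanc's code: a hypothetical decoder computes a frame size from parsed header fields in 32-bit arithmetic, and a hardened version enforces the Unsigned Short range that DICOM mandates for Rows and Columns, uses overflow-checked 64-bit arithmetic, and compares the result against the declared Pixel Data length. The struct, function names and the constructed inputs are all assumptions made for the example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields as a decoder might hold them after parsing.
 * Not Orthanc's data structures. In DICOM, Rows (0028,0010), Columns
 * (0028,0011), Samples per Pixel (0028,0002) and Bits Allocated (0028,0100)
 * all have VR US (16-bit), so anything above 0xFFFF is malformed. */
typedef struct {
    uint32_t rows;
    uint32_t columns;
    uint32_t samples_per_pixel;
    uint32_t bits_allocated;
} image_geometry_t;

/* Naive frame size: trusts the parsed values and multiplies in 32 bits.
 * A product that exceeds 2^32 silently wraps, so any buffer sized from the
 * result is smaller than the pixel data later written into it. */
uint32_t frame_size_naive(const image_geometry_t *g)
{
    uint32_t bytes_per_sample = g->bits_allocated / 8;
    return g->rows * g->columns * g->samples_per_pixel * bytes_per_sample;
}

/* Portable overflow-checked multiply for uint64_t (no compiler builtins). */
static bool mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened frame size: reject values outside the US range, restrict Bits
 * Allocated to the depths this hypothetical decoder supports, and use
 * checked 64-bit arithmetic. Returns false on malformed or overflowing input. */
bool frame_size_checked(const image_geometry_t *g, uint64_t *out)
{
    if (g->rows == 0 || g->rows > 0xFFFF ||
        g->columns == 0 || g->columns > 0xFFFF ||
        g->samples_per_pixel == 0 || g->samples_per_pixel > 0xFFFF)
        return false;
    if (g->bits_allocated != 8 && g->bits_allocated != 16 &&
        g->bits_allocated != 32)
        return false;

    uint64_t size;
    if (!mul_u64(g->rows, g->columns, &size)) return false;
    if (!mul_u64(size, g->samples_per_pixel, &size)) return false;
    if (!mul_u64(size, g->bits_allocated / 8, &size)) return false;
    *out = size;
    return true;
}

/* Convenience wrapper: the checked size, or 0 when the geometry is rejected. */
uint64_t frame_size_or_zero(const image_geometry_t *g)
{
    uint64_t size;
    return frame_size_checked(g, &size) ? size : 0;
}

/* A decoder should also refuse to decode when the declared geometry needs
 * more bytes than the Pixel Data element actually carries. */
bool pixel_data_fits(const image_geometry_t *g, uint64_t pixel_data_len)
{
    uint64_t need;
    return frame_size_checked(g, &need) && need <= pixel_data_len;
}

int main(void)
{
    /* Constructed input 1: what a file can declare if Rows/Columns are
     * accepted as Unsigned Long. 65536 x 65536 x 1 sample x 8 bits = 2^32
     * bytes, which wraps to 0 in 32-bit arithmetic. */
    image_geometry_t ul_encoded = { 65536, 65536, 1, 8 };
    printf("naive size for 65536x65536x8bit: %" PRIu32 " (true size 4294967296)\n",
           frame_size_naive(&ul_encoded));
    printf("checked accepts it: %d\n", frame_size_or_zero(&ul_encoded) != 0);

    /* Constructed input 2: values inside the US range still overflow 32-bit
     * arithmetic once samples and bytes per sample are multiplied in. */
    image_geometry_t big_rgb16 = { 65535, 65535, 3, 16 };
    printf("naive: %" PRIu32 ", checked: %" PRIu64 "\n",
           frame_size_naive(&big_rgb16), frame_size_or_zero(&big_rgb16));
    printf("fits in 1 MiB of pixel data: %d\n",
           pixel_data_fits(&big_rgb16, 1u << 20));
    return 0;
}
```

The second input matters for anyone patching only the value-representation check: rejecting UL-encoded dimensions closes the reported path, but in-range US values can still overflow a 32-bit product, so the arithmetic itself must be checked and the result bounded by the real Pixel Data length.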
Affected Systems
Any deployed instance of Orthanc DICOM Server whose image decoder contains the described logic is potentially vulnerable. The CNA did not list affected versions or releases, so administrators should compare their installed version against the upstream change log, and if necessary the decoder source, to determine whether the fix is present.
Risk and Exploitability
With a CVSS score of 9.8 the technical impact is severe, while the EPSS score below 1 % indicates that exploitation is currently estimated to be rare. Absence from the CISA KEV catalog means no confirmed in-the-wild exploitation has been recorded; it does not lower the severity of the flaw. The likely attack vector is remote: an adversary delivers a malicious DICOM file to the server over the network, for example through a DICOM association or the REST upload interface. A successful exploit can crash the server, compromising availability, and if the process is taken over it can also compromise the confidentiality and integrity of patient data.
OpenCVE Enrichment