Description
A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
Published: 2026-04-09
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-Bounds Memory Access
Action: Apply Patch
AI Analysis

Impact

A heap buffer overflow occurs when the DICOM image decoder processes dimension fields encoded as Unsigned Long instead of the expected Unsigned Short. The mismatch leads to an integer overflow during frame size calculation, causing an out-of-bounds write on the heap while decoding an image. This weakness is a classic heap buffer overflow and potentially allows an attacker to corrupt memory or crash the application.
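The Description and the Impact paragraph above describe the same pattern: a dimension value that should be a 16-bit US is read as a 32-bit UL and fed into a frame-size multiplication that wraps. As an added illustration (constructed model, not Orthanc's code or anything from the advisory), the C below contrasts an unchecked 32-bit product with a hardened computation that enforces the VR, the 16-bit range, 64-bit arithmetic and an assumed frame-size cap `MAX_FRAME_BYTES`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the elements in play (not Orthanc's code):
 * Rows (0028,0010) and Columns (0028,0011) are defined with VR US,
 * i.e. 16-bit values; VR_UL is what a crafted file can carry instead. */
typedef enum { VR_US, VR_UL } Vr;

typedef struct {
    Vr vr;
    uint32_t value; /* raw value read from the explicit-VR data element */
} DimElement;

/* Assumed upper bound for one decoded frame (256 MiB); not from the advisory. */
#define MAX_FRAME_BYTES (256u * 1024u * 1024u)

/* The pattern the advisory describes: the value is used as-is and the product
 * is formed in 32 bits, so UL-sized dimensions wrap to a small number. A buffer
 * sized from this result is then far too small for the decoded pixel data. */
uint32_t frame_size_unchecked(uint32_t rows, uint32_t cols, uint32_t bytes_per_pixel)
{
    return rows * cols * bytes_per_pixel;
}

/* Hardened computation: VR must be US, values must fit 16 bits, the product is
 * formed in 64 bits and capped before it is ever used to size an allocation. */
bool frame_size_checked(const DimElement *rows, const DimElement *cols,
                        uint32_t bytes_per_pixel, size_t *out)
{
    if (rows->vr != VR_US || cols->vr != VR_US)
        return false; /* reject the VR mismatch instead of decoding anyway */
    if (rows->value > UINT16_MAX || cols->value > UINT16_MAX)
        return false;
    uint64_t n = (uint64_t)rows->value * cols->value * bytes_per_pixel;
    if (n == 0 || n > MAX_FRAME_BYTES)
        return false;
    *out = (size_t)n;
    return true;
}

int main(void)
{
    /* Constructed crafted dimensions: 65536 x 65536 encoded as UL, 2 bytes/pixel. */
    DimElement rows = { VR_UL, 65536u }, cols = { VR_UL, 65536u };
    size_t n;
    printf("unchecked: %u bytes\n", frame_size_unchecked(rows.value, cols.value, 2u));
    printf("checked: %s\n", frame_size_checked(&rows, &cols, 2u, &n) ? "ok" : "rejected");
    return 0;
}
```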

Affected Systems

Orthanc DICOM Server is impacted. The advisory does not list a specific version range, implying that all releases that have not yet applied a patch are vulnerable. Operators should verify the version of Orthanc they are running and check the Orthanc website or related advisories for the latest fix.

Risk and Exploitability

Quantitative risk metrics are not supplied; no CVSS or EPSS score is available. The vulnerability is not present in the CISA KEV catalog, indicating no documented large-scale exploitation. Based on the description, the likely attack vector is remote if the server accepts DICOM files from outside the local network; local access also suffices. Exploitation requires delivery of a crafted DICOM file that triggers the overflow. No public exploit is known, but the crash or memory corruption represents a denial-of-service risk and could facilitate further compromise if the corrupted memory is leveraged by an attacker.

Generated by OpenCVE AI on April 9, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Orthanc update that includes the heap overflow fix.
  • If a patch is not yet available, block or restrict the reception of DICOM files from untrusted sources and consider disabling image decoding until a fix is released.
  • Monitor server logs for decoding errors, crashes, or abnormal activity that may signal an attempted exploit.
  • Run the Orthanc service with the minimal privileges required for operation to limit potential damage.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 10:00:00 +0000

  Type                 Values Removed   Values Added
  Weaknesses                            CWE-122, CWE-680

Fri, 10 Apr 2026 09:00:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared                   Orthanc; Orthanc dicom Server
  Vendors & Products                    Orthanc; Orthanc dicom Server

Thu, 09 Apr 2026 15:00:00 +0000

  Type                 Values Removed   Values Added
  Description                           A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
  Title                                 Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions
  References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-09T14:43:43.571Z

Reserved: 2026-04-02T19:22:48.196Z

Link: CVE-2026-5442

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-09T15:16:16.543

Modified: 2026-04-09T15:16:16.543

Link: CVE-2026-5442

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:32:38Z

Weaknesses