CVE-2026-5443 - Vulnerability Details

- Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)

Description

A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.

Published: 2026-04-09

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Orthanc DICOM Server has a heap buffer overflow that occurs while decoding PALETTE COLOR images. The decoder multiplies image width and height using 32‑bit arithmetic; if this multiplication overflows, the resulting pixel length validation incorrectly succeeds. The check fails to prevent the decoder from reading and writing beyond the allocated memory, allowing the attacker to overwrite adjacent heap objects and potentially execute arbitrary code. The flaw involves a heap buffer overflow (CWE‑787).

Affected Systems

Any installation of Orthanc DICOM Server may be affected because the CNA record lists the product without restricting to particular releases. Users should verify the version of Orthanc in use against vendor information and plan to upgrade once a patch addresses the buffer overflow.

Risk and Exploitability

The severity score of 9.8 classifies this issue as Critical, while the EPSS score of less than 1% indicates a low current likelihood of widespread exploitation. The vulnerability is not included in the CISA KEV catalog. The likely attack vector is remote, inferred from the fact that DICOM images are received over the network by the server’s DICOM service; an attacker can send a specially crafted pixel array to trigger the overflow.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Orthanc

DICOM Server

affected

Version	Status	Constraints
`0`	affected	≤ 1.12.10

Configuration 1 [-]

cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Orthanc

Dicom Server

100%

Version	Status	Scheme	Platform
`[0,1.12.10]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Orthanc patch as soon as it becomes available
Verify that the patch resolves the buffer overflow by testing with malicious PALETTE COLOR files
If a patch is not yet released, restrict external access to the DICOM service with firewalls or VPNs and monitor for anomalous image traffic

Generated by OpenCVE AI on April 15, 2026 at 19:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00062.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://kb.cert.org/vuls/id/536588
https://www.machinespirits.de/
https://www.orthanc-server.com/

History

Wed, 15 Apr 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-122 CWE-190

Tue, 14 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Orthanc-server Orthanc-server orthanc
Weaknesses		CWE-787
CPEs		cpe:2.3:a:orthanc-server:orthanc::::::::
Vendors & Products		Orthanc-server Orthanc-server orthanc

Tue, 14 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 10 Apr 2026 10:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-122 CWE-190

Fri, 10 Apr 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Orthanc Orthanc dicom Server
Vendors & Products		Orthanc Orthanc dicom Server

Thu, 09 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
Title		Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)
References		https://kb.cert.org/vuls/id/536588 https://www.machinespirits.de/ https://www.orthanc-server.com/

Subscriptions

Orthanc Dicom Server

Orthanc-server Orthanc

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2026-04-09T14:43:15.227Z

Updated: 2026-04-14T16:34:45.930Z

Reserved: 2026-04-02T19:23:06.757Z

Link: CVE-2026-5443

Vulnrichment

Updated: 2026-04-14T15:11:32.431Z

NVD

Status : Analyzed

Published: 2026-04-09T15:16:16.653

Modified: 2026-04-14T20:19:55.763

Link: CVE-2026-5443

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T19:45:12Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object