Description
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
Published: 2026-04-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow
Action: Patch
AI Analysis

Impact

Orthanc’s DICOM server can overflow a heap buffer when it processes a carefully crafted PAM image embedded in a DICOM file. The server multiplies the image’s width and height using 32‑bit unsigned arithmetic; if these values are chosen to trigger an integer overflow, the computed buffer size becomes smaller than the actual number of pixels that will be written. The write operation then exceeds the allocated memory, corrupting heap data and potentially leading to unpredictable execution, denial of service, or arbitrary code execution.
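The width-times-height overflow described above, as an added illustration that is not Orthanc's code: a hypothetical PAM size computation in unchecked 32-bit arithmetic beside a checked version that widens every factor, verifies each multiplication, and also enforces an assumed sanity cap (PAM_MAX_BUFFER_BYTES) before the value is used for an allocation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumed upper bound on a decoded pixel buffer (1 GiB); a checked product
   alone only proves the size fits in size_t, not that it is sensible. */
#define PAM_MAX_BUFFER_BYTES ((size_t)1 << 30)

/* Unchecked: the product is evaluated in uint32_t and silently wraps, so
   crafted width/height values yield a tiny allocation size (CWE-680). */
uint32_t pam_size_unchecked(uint32_t width, uint32_t height,
                            uint32_t depth, uint32_t bytes_per_sample)
{
    return width * height * depth * bytes_per_sample;
}

/* Multiply two size_t values; 0 (never a valid buffer size) signals overflow. */
static size_t mul_checked(size_t a, size_t b)
{
    if (a == 0 || b == 0 || a > SIZE_MAX / b) return 0;
    return a * b;
}

/* Checked: factors are widened to size_t, each multiplication is verified,
   and the result is rejected if it exceeds the cap. Returns 0 on rejection. */
size_t pam_size_checked(uint32_t width, uint32_t height,
                        uint32_t depth, uint32_t bytes_per_sample)
{
    size_t n = mul_checked((size_t)width, (size_t)height);
    n = mul_checked(n, (size_t)depth);
    n = mul_checked(n, (size_t)bytes_per_sample);
    return n > PAM_MAX_BUFFER_BYTES ? 0 : n;
}

/* Allocation helper that refuses header dimensions the size check rejects. */
void *pam_alloc_pixels(uint32_t width, uint32_t height,
                       uint32_t depth, uint32_t bytes_per_sample)
{
    size_t n = pam_size_checked(width, height, depth, bytes_per_sample);
    return n == 0 ? NULL : calloc(1, n);
}

int main(void)
{
    /* Constructed header values: 65537 * 65536 = 2^32 + 65536, which wraps
       to 65536 in 32-bit arithmetic although the image needs over 4 GiB. */
    uint32_t w = 65537u, h = 65536u;
    printf("unchecked: %u bytes\n", pam_size_unchecked(w, h, 1u, 1u));
    printf("checked:   %zu bytes (0 = rejected)\n", pam_size_checked(w, h, 1u, 1u));
    return pam_alloc_pixels(w, h, 1u, 1u) == NULL ? 0 : 1;
}
```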

Affected Systems

The vulnerability affects the Orthanc DICOM Server, specifically any release that supports PAM image parsing. No particular version range is provided, so all installations with PAM handling should be considered vulnerable until a patch is applied.

Risk and Exploitability

The flaw carries a CVSS score of 7.1, indicating high severity. The estimated EPSS score is less than 1%, suggesting a low likelihood of exploitation in the wild, and the issue is not listed in the CISA KEV catalog. Orthanc normally receives DICOM files over a network connection, so a remote attacker who can supply a malicious file could trigger the overflow. Because the overflow can corrupt memory and may allow arbitrary code execution, the potential impact is significant, even if the chance of exploitation remains modest at present.

Generated by OpenCVE AI on April 15, 2026 at 22:35 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest Orthanc patch or upgrade to a version that resolves the PAM image parsing flaw.
  • If a patch is unavailable, restrict network access to the Orthanc server so that only trusted hosts can submit DICOM files.
  • Disable the PAM image support feature if it is not required, or enforce stricter input validation for incoming files.


Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Tue, 14 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Orthanc-server
Orthanc-server orthanc
Weaknesses CWE-787
CPEs cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*
Vendors & Products Orthanc-server
Orthanc-server orthanc

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Orthanc
Orthanc dicom Server
Vendors & Products Orthanc
Orthanc dicom Server

Thu, 09 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
Title Heap Buffer Overflow in PAM Image Buffer Allocation
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-14T16:34:57.706Z

Reserved: 2026-04-02T19:23:20.072Z

Link: CVE-2026-5444

Vulnrichment

Updated: 2026-04-14T15:07:57.475Z

NVD

Status: Analyzed

Published: 2026-04-09T15:16:16.760

Modified: 2026-04-14T20:20:10.767

Link: CVE-2026-5444

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T22:45:16Z

Weaknesses