Description
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
Published: 2026-04-09
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow leading to potential remote code execution
Action: Patch Now
AI Analysis

Impact

A heap buffer overflow exists in Orthanc when it parses a PAM image embedded in a DICOM file; the software multiplies image dimensions with 32‑bit unsigned arithmetic, and deliberately chosen values cause an integer overflow that results in a small buffer being allocated while pixel processing writes beyond its bounds, corrupting memory and potentially allowing an attacker to execute arbitrary code if the server processes untrusted files.

Affected Systems

Orthanc, the open-source DICOM Server, is affected; all installations that accept DICOM files containing PAM images are at risk and, because no version limits are provided, every current release should be considered vulnerable until a vendor fix is released.

Risk and Exploitability

The CVSS score is not supplied, but the absence of a patch and the ability for an attacker to trigger the flaw remotely by crafting a DICOM file suggest high exploitability; EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, yet the attack vector is remote over the network where malicious DICOM uploads are processed, posing a significant threat to exposed servers.

Generated by OpenCVE AI on April 9, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Orthanc website or vendor support for an official patch and apply it immediately.
  • If no patch is available, temporarily disable support for PAM images or filter incoming DICOM files to block those containing PAM data.
  • Continuously monitor Orthanc logs for failures or abnormal activity that might indicate exploitation attempts.

Generated by OpenCVE AI on April 9, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Orthanc
Orthanc dicom Server
Vendors & Products Orthanc
Orthanc dicom Server

Thu, 09 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
Title Heap Buffer Overflow in PAM Image Buffer Allocation
References

Subscriptions

Orthanc Dicom Server
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-09T14:42:30.696Z

Reserved: 2026-04-02T19:23:20.072Z

Link: CVE-2026-5444

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-09T15:16:16.760

Modified: 2026-04-09T15:16:16.760

Link: CVE-2026-5444

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:32:41Z

Weaknesses