Description
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
Published: 2026-04-09
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Out-of-Bounds Read
Action: Update Server
AI Analysis

Impact

An out-of-bounds read occurs in the DecodeLookupTable routine of the DicomImageDecoder when handling PALETTE COLOR images. The decoder does not check whether pixel indices are within the bounds of the lookup table, allowing a malicious image file with indices larger than the palette to force the decoder to read beyond the allocated buffer and expose arbitrary heap contents in the decoded image. This results in information disclosure, enabling an attacker to access sensitive data that may reside in the server's memory at the time of decoding.
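The check that the description above says is missing, written out as an added illustration (not Orthanc's own DicomImageDecoder code): every pixel index is validated against the lookup-table size before any table entry is read, so an index that is at or beyond the table length is rejected instead of being turned into a read past the buffer. The names PaletteLut, RgbPixel, DecodePaletteColor and SampleLut are assumptions for this example, and it assumes the palette's first mapped value is 0 so a pixel value is used directly as a table index.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Illustrative PALETTE COLOR lookup-table decode with an explicit bounds check.
// All names here are assumptions for this example, not Orthanc's API. Assumes
// the first mapped value is 0, so a pixel value is used directly as an index.
struct PaletteLut {
  std::vector<uint16_t> red, green, blue;  // one entry per palette index
  size_t Size() const { return red.size(); }
  bool Consistent() const {
    return Size() > 0 && green.size() == Size() && blue.size() == Size();
  }
};

struct RgbPixel { uint16_t r, g, b; };

// Validate every index before touching the table: an index >= Size() would
// read past the end of the LUT buffer, which is the heap disclosure described
// for CVE-2026-5445. On failure nothing is written to `out` and false is returned.
bool DecodePaletteColor(const std::vector<uint16_t>& indices,
                        const PaletteLut& lut, std::vector<RgbPixel>& out) {
  if (!lut.Consistent()) return false;
  for (uint16_t idx : indices) {
    if (idx >= lut.Size()) return false;  // the bounds check the advisory calls missing
  }
  out.clear();
  out.reserve(indices.size());
  for (uint16_t idx : indices) {
    out.push_back({lut.red[idx], lut.green[idx], lut.blue[idx]});
  }
  return true;
}

// Constructed two-entry palette (black and one bright colour) for the demo.
PaletteLut SampleLut() {
  return PaletteLut{{0, 65535}, {0, 32768}, {0, 255}};
}

int main() {
  std::vector<RgbPixel> out;
  // In-range indices decode normally.
  assert(DecodePaletteColor({0, 1, 1, 0}, SampleLut(), out) && out.size() == 4);
  // Index 2 exceeds the two-entry palette: rejected rather than read out of bounds.
  assert(!DecodePaletteColor({0, 2}, SampleLut(), out));
  std::cout << "decoded " << out.size() << " pixels; out-of-range index rejected\n";
  return 0;
}
```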

Affected Systems

The Orthanc DICOM Server product is affected. No specific version numbers are provided, so all releases that include the vulnerable DicomImageDecoder implementation could be impacted.

Risk and Exploitability

Exploitation results in moderate-to-high severity information disclosure. The vulnerability does not provide code execution or denial of service. An attacker would need to craft a PALETTE COLOR image and deliver it to Orthanc, for example via the web interface or API. EPSS data is not available and the CVE is not listed in the CISA KEV catalog, so the likelihood of widespread exploitation is uncertain, but the impact remains significant.

Generated by OpenCVE AI on April 9, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Orthanc website for a patch that addresses CVE-2026-5445 and apply it immediately.
  • If a patch is unavailable, configure Orthanc to reject or disable PALETTE COLOR images or enforce strict index validation through server settings.
  • Monitor Orthanc logs for abnormal decoding failures and block repeated attempts from suspicious sources.
  • Restrict network access to the Orthanc instance to trusted users only, limiting the attack surface.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 10:00:00 +0000

Type         Values Removed   Values Added
Weaknesses                    CWE-119
                              CWE-20

Fri, 10 Apr 2026 09:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Orthanc
                                       Orthanc dicom Server
Vendors & Products                     Orthanc
                                       Orthanc dicom Server

Thu, 09 Apr 2026 15:00:00 +0000

Type          Values Removed   Values Added
Description                    An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
Title                          Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable)
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-09T14:42:51.673Z

Reserved: 2026-04-02T19:23:30.637Z

Link: CVE-2026-5445

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-09T15:16:16.863

Modified: 2026-04-09T15:16:16.863

Link: CVE-2026-5445

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:32:40Z

Weaknesses