#VU125673 Heap-based buffer overflow in Orthanc - CVE-2026-5442


Published: April 9, 2026

Vulnerability identifier: #VU125673
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-5442
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Orthanc
Software vendor: Orthanc

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in the DICOM image decoder when decoding images whose dimension fields are encoded as VR Unsigned Long (UL) values. A remote attacker can supply a crafted DICOM file with extremely large dimensions to execute arbitrary code.

The heap overflow is triggered by an integer overflow during frame size calculation.
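The pattern described above, as an added illustration that is not Orthanc's code: a constructed `FrameGeometry` header (a hypothetical stand-in for the DICOM Rows, Columns, Bits Allocated and Number of Frames attributes) whose frame-size product wraps in 32-bit arithmetic, beside an overflow-checked calculation that rejects such a header.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Hypothetical, simplified image header. In a real DICOM decoder these values
// come from the Rows / Columns / Bits Allocated / Number of Frames attributes;
// here they are constructed inputs read as unsigned 32-bit (VR UL) integers.
struct FrameGeometry {
  uint32_t width;          // Columns
  uint32_t height;         // Rows
  uint32_t bytesPerPixel;  // derived from Bits Allocated / Samples per Pixel
  uint32_t frames;         // Number of Frames
};

// Unsafe pattern: the product is formed in 32-bit arithmetic and silently
// wraps, so a buffer sized from it is far smaller than the pixel data that
// is later decoded into it (the heap-based overflow this advisory describes).
uint32_t naiveFrameSize(const FrameGeometry& g) {
  return g.width * g.height * g.bytesPerPixel * g.frames;
}

// Upper bound on a single decode buffer; an arbitrary constructed limit.
static const size_t kMaxFrameBytes = 2048u * 1024u * 1024u;  // 2 GiB

// Multiply without wrapping: returns false instead of producing a wrapped value.
static bool checkedMul(size_t a, size_t b, size_t& out) {
  if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
  out = a * b;
  return true;
}

// Hardened pattern: every multiplication is overflow-checked and the exact
// result is bounded by a sanity limit, so a crafted header can neither wrap
// the size nor force an oversized allocation. Returns 0 when the header is
// rejected (0 is never a valid frame size because zero dimensions are refused).
size_t checkedFrameSize(const FrameGeometry& g, size_t maxBytes = kMaxFrameBytes) {
  if (g.width == 0 || g.height == 0 || g.bytesPerPixel == 0 || g.frames == 0)
    return 0;
  size_t size = 0;
  if (!checkedMul(g.width, g.height, size)) return 0;
  if (!checkedMul(size, g.bytesPerPixel, size)) return 0;
  if (!checkedMul(size, g.frames, size)) return 0;
  if (size > maxBytes) return 0;
  return size;
}
```

A 65536 x 65537 single-byte frame yields a wrapped size of 65536 bytes from the naive computation, while the checked version rejects it; a 512 x 512 16-bit frame is accepted at 524288 bytes.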


Remediation

Install the security update from the vendor's website.

External links