{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5443", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-04-02T19:23:06.757Z", "datePublished": "2026-04-09T14:43:15.227Z", "dateUpdated": "2026-04-09T14:43:15.227Z"}, "containers": {"cna": {"title": "Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)", "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Orthanc", "product": "DICOM Server", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.12.10", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "references": [{"url": "https://www.orthanc-server.com/"}, {"url": "https://www.machinespirits.de/"}, {"url": "https://kb.cert.org/vuls/id/536588"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5443"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-09T14:43:15.227Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers."}], "id": "CVE-2026-5443", "lastModified": "2026-04-09T15:16:16.653", "metrics": {}, "published": "2026-04-09T15:16:16.653", "references": [{"source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/536588"}, {"source": "cret@cert.org", "url": "https://www.machinespirits.de/"}, {"source": "cret@cert.org", "url": "https://www.orthanc-server.com/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.12.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DICOM Server", "source": "cna", "vendor": "Orthanc"}, "product": "dicom_server", "vendor": "orthanc"}], "analysis": {"en": {"generated_at": "2026-04-09T16:24:58.587205+00:00", "value": {"mitigation_remediation": ["Check the Orthanc website or contact the vendor for a patch or update that addresses the buffer overflow.", "Upgrade to the latest Orthanc release once a fix is available.", "If a patch is not yet released, consider disabling PALETTE COLOR image decoding or rejecting such images from the server as a temporary safeguard.", "Continue to monitor Orthanc vendor advisories and apply any security updates promptly."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution via heap buffer overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Orthanc DICOM Server. No specific product versions are listed in the available information; administrators should verify whether their deployment uses versions susceptible to the described issue.", "description_and_impact": "During the decoding of PALETTE COLOR DICOM images, the Orthanc DICOM Server performs pixel length validation using 32\u2011bit multiplication for width and height. If the resulting product overflows, the check incorrectly succeeds, allowing the decoder to read and write beyond allocated buffers. This heap buffer overflow can corrupt memory and potentially enable arbitrary code execution or denial of service.", "risk_and_exploitability": "Because the flaw is a classic heap buffer overflow, it presents a high risk of exploitation, especially if attackers can supply crafted DICOM files to the server. The CVSS score is not provided, and EPSS data is unavailable, but the nature of the vulnerability suggests that exploitation is feasible with minimal prerequisites. The vulnerability is not yet listed in the CISA KEV catalog, but that does not diminish its potential impact. Attacks would likely occur remotely via the network path that delivers DICOM images to the server."}}}}, "created": "2026-04-10T08:53:26.721632+00:00", "updated": "2026-04-10T09:32:39.138098+00:00", "vendors": ["orthanc", "orthanc$PRODUCT$dicom_server"], "weaknesses": ["CWE-122", "CWE-190"]}