HIGHCVE-2026-5437Published 2026-04-09Modified 2026-04-14CNA certcc

CVE-2026-5437: Out-of-Bounds Read in DicomStreamReader

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Orthanc / DICOM Server
≤ 1.12.10

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

orthanc-server.com
machinespirits.de
kb.cert.org

Metrics