CVE-2026-5441: CWE-125 Out-of-bounds Read in Orthanc DICOM Server
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
AI Analysis
Technical Summary
The Orthanc DICOM Server contains a vulnerability in the DecodePsmctRle1 function within DicomImageDecoder.cpp. Specifically, the PMSCT_RLE1 decompression routine does not properly validate escape markers placed near the end of the compressed data stream. This improper validation allows an attacker to craft a sequence that causes an out-of-bounds read beyond the allocated memory buffer, resulting in leakage of heap memory data into the output image. The vulnerability is tracked as CVE-2026-5441 and is classified under CWE-125 (Out-of-bounds Read). The CVSS 3.1 base score is 7.1, indicating high severity with local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, no integrity impact, and high availability impact.
Potential Impact
Successful exploitation of this vulnerability can lead to leakage of sensitive heap memory data through the rendered image output, potentially exposing confidential information. The vulnerability also impacts availability due to the out-of-bounds read causing potential application crashes or denial of service. There is no indication of integrity compromise. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/536588 for current remediation guidance. Until an official fix is released, avoid processing untrusted or malformed Philips Compression format data with the affected Orthanc DICOM Server versions. Monitor the vendor advisory for updates on patches or mitigations.
CVE-2026-5441: CWE-125 Out-of-bounds Read in Orthanc DICOM Server
Description
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Orthanc DICOM Server contains a vulnerability in the DecodePsmctRle1 function within DicomImageDecoder.cpp. Specifically, the PMSCT_RLE1 decompression routine does not properly validate escape markers placed near the end of the compressed data stream. This improper validation allows an attacker to craft a sequence that causes an out-of-bounds read beyond the allocated memory buffer, resulting in leakage of heap memory data into the output image. The vulnerability is tracked as CVE-2026-5441 and is classified under CWE-125 (Out-of-bounds Read). The CVSS 3.1 base score is 7.1, indicating high severity with local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, no integrity impact, and high availability impact.
Potential Impact
Successful exploitation of this vulnerability can lead to leakage of sensitive heap memory data through the rendered image output, potentially exposing confidential information. The vulnerability also impacts availability due to the out-of-bounds read causing potential application crashes or denial of service. There is no indication of integrity compromise. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/536588 for current remediation guidance. Until an official fix is released, avoid processing untrusted or malformed Philips Compression format data with the affected Orthanc DICOM Server versions. Monitor the vendor advisory for updates on patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- certcc
- Date Reserved
- 2026-04-02T19:22:35.863Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://kb.cert.org/vuls/id/536588","vendor":"CERT"}]
Threat ID: 69d7bcce1cc7ad14dad7b6f0
Added to database: 4/9/2026, 2:50:54 PM
Last enriched: 4/17/2026, 11:41:03 AM
Last updated: 5/24/2026, 9:40:05 PM
Views: 90
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.