CVE-2026-5442: CWE-190 Integer Overflow or Wraparound in Orthanc DICOM Server
CVE-2026-5442 is a heap buffer overflow vulnerability in the Orthanc DICOM Server's image decoder. The vulnerability arises because dimension fields are encoded using an unexpected Value Representation (VR) Unsigned Long (UL) instead of the expected Unsigned Short (US). This discrepancy allows processing of extremely large dimensions, causing an integer overflow during frame size calculation and leading to out-of-bounds memory access during image decoding. No patch or official remediation has been confirmed yet, and no known exploits are reported in the wild.
AI Analysis
Technical Summary
This vulnerability in Orthanc DICOM Server involves improper handling of dimension fields in DICOM images. The decoder expects dimensions encoded as VR Unsigned Short but instead processes VR Unsigned Long values, which can be very large. This causes an integer overflow during the calculation of frame size, resulting in a heap buffer overflow due to out-of-bounds memory access during image decoding. The issue is classified under CWE-190 (Integer Overflow or Wraparound). There is no CVSS score or vendor-provided patch information available at this time. The vendor advisory from CERT is referenced but does not specify remediation details.
Potential Impact
The integer overflow and subsequent heap buffer overflow could potentially lead to memory corruption during image decoding. This may allow an attacker to cause application crashes or potentially execute arbitrary code if exploited. However, no known exploits are currently reported in the wild, and the exact impact depends on the attacker's ability to supply maliciously crafted DICOM images to the vulnerable server.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/536588 for current remediation guidance. Until an official fix is available, users should consider restricting access to the DICOM server and carefully validate or sanitize incoming DICOM images to prevent processing of maliciously crafted files that exploit this vulnerability.
CVE-2026-5442: CWE-190 Integer Overflow or Wraparound in Orthanc DICOM Server
Description
CVE-2026-5442 is a heap buffer overflow vulnerability in the Orthanc DICOM Server's image decoder. The vulnerability arises because dimension fields are encoded using an unexpected Value Representation (VR) Unsigned Long (UL) instead of the expected Unsigned Short (US). This discrepancy allows processing of extremely large dimensions, causing an integer overflow during frame size calculation and leading to out-of-bounds memory access during image decoding. No patch or official remediation has been confirmed yet, and no known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Orthanc DICOM Server involves improper handling of dimension fields in DICOM images. The decoder expects dimensions encoded as VR Unsigned Short but instead processes VR Unsigned Long values, which can be very large. This causes an integer overflow during the calculation of frame size, resulting in a heap buffer overflow due to out-of-bounds memory access during image decoding. The issue is classified under CWE-190 (Integer Overflow or Wraparound). There is no CVSS score or vendor-provided patch information available at this time. The vendor advisory from CERT is referenced but does not specify remediation details.
Potential Impact
The integer overflow and subsequent heap buffer overflow could potentially lead to memory corruption during image decoding. This may allow an attacker to cause application crashes or potentially execute arbitrary code if exploited. However, no known exploits are currently reported in the wild, and the exact impact depends on the attacker's ability to supply maliciously crafted DICOM images to the vulnerable server.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/536588 for current remediation guidance. Until an official fix is available, users should consider restricting access to the DICOM server and carefully validate or sanitize incoming DICOM images to prevent processing of maliciously crafted files that exploit this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- certcc
- Date Reserved
- 2026-04-02T19:22:48.196Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://kb.cert.org/vuls/id/536588","vendor":"CERT"}]
Threat ID: 69d7bcce1cc7ad14dad7b6f5
Added to database: 4/9/2026, 2:50:54 PM
Last enriched: 4/9/2026, 3:06:05 PM
Last updated: 4/9/2026, 3:53:04 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.