CVE-2026-5445: CWE-125 Out-of-bounds Read in Orthanc DICOM Server
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
AI Analysis
Technical Summary
An out-of-bounds read vulnerability (CWE-125) exists in the DecodeLookupTable function of Orthanc DICOM Server's DicomImageDecoder.cpp. The vulnerability arises because the code does not validate pixel indices against the size of the lookup table when decoding PALETTE COLOR images. Maliciously crafted images with indices exceeding the palette size cause the decoder to read memory beyond the allocated lookup table, exposing heap memory contents in the output image. This can lead to information disclosure and denial of service. The vulnerability is publicly documented with a CVSS 3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). No patch or official fix is currently referenced in the vendor advisory.
Potential Impact
Successful exploitation can lead to exposure of heap memory contents, resulting in a confidentiality breach. Additionally, the vulnerability impacts availability by causing a denial of service condition. Integrity is not affected. The vulnerability is remotely exploitable without privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/536588 for current remediation guidance. Until a fix is available, avoid processing untrusted PALETTE COLOR DICOM images or implement network-level controls to restrict access to the Orthanc DICOM Server from untrusted sources.
CVE-2026-5445: CWE-125 Out-of-bounds Read in Orthanc DICOM Server
Description
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An out-of-bounds read vulnerability (CWE-125) exists in the DecodeLookupTable function of Orthanc DICOM Server's DicomImageDecoder.cpp. The vulnerability arises because the code does not validate pixel indices against the size of the lookup table when decoding PALETTE COLOR images. Maliciously crafted images with indices exceeding the palette size cause the decoder to read memory beyond the allocated lookup table, exposing heap memory contents in the output image. This can lead to information disclosure and denial of service. The vulnerability is publicly documented with a CVSS 3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). No patch or official fix is currently referenced in the vendor advisory.
Potential Impact
Successful exploitation can lead to exposure of heap memory contents, resulting in a confidentiality breach. Additionally, the vulnerability impacts availability by causing a denial of service condition. Integrity is not affected. The vulnerability is remotely exploitable without privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://kb.cert.org/vuls/id/536588 for current remediation guidance. Until a fix is available, avoid processing untrusted PALETTE COLOR DICOM images or implement network-level controls to restrict access to the Orthanc DICOM Server from untrusted sources.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- certcc
- Date Reserved
- 2026-04-02T19:23:30.637Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://kb.cert.org/vuls/id/536588","vendor":"CERT"}]
Threat ID: 69d7bcce1cc7ad14dad7b704
Added to database: 4/9/2026, 2:50:54 PM
Last enriched: 4/17/2026, 11:41:27 AM
Last updated: 5/24/2026, 9:41:08 PM
Views: 86
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.