Out-of-Bounds Read Vulnerability in Philips DICOM Image Decoder
CVE-2026-5441

Currently unrated

Key Information:

Vendor: Orthanc

CVE Published: 9 April 2026

What is CVE-2026-5441?

A vulnerability exists in the DecodePsmctRle1 function of the DICOM Image Decoder within Philips products. This flaw arises due to improper validation of escape markers in the PMSCT_RLE1 decompression routine. When specially crafted data is processed near the end of the compressed data stream, it can lead to out-of-bounds reads, allowing attackers to access sensitive memory contents that should remain confidential. This vulnerability can potentially expose heap data through the rendered image output, posing risks to data integrity and security.
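The bug class described above, as an added illustration that is not the affected product's code: a bounds-checked decoder for a simplified escape-marker RLE stream. The stream layout, the `RLE_ESC` value and the function name `rle_decode_checked` are assumptions made for this sketch and are not taken from the PMSCT_RLE1 format.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical escape byte, constructed for this sketch. */
#define RLE_ESC 0xA5u

/* Decode a simplified escape-marker RLE stream (assumed layout):
 *   RLE_ESC, count, value -> "value" repeated "count" times
 *   any other byte        -> copied as a literal
 * Returns the number of bytes written, or -1 on malformed or
 * oversized input. */
long rle_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;

    while (ip < in_len) {
        uint8_t b = in[ip++];

        if (b != RLE_ESC) {
            if (op >= out_cap)
                return -1;          /* output buffer full */
            out[op++] = b;
            continue;
        }

        /* The escape needs two operand bytes. Without this check, an
         * escape in the last two bytes of the stream makes the reads
         * below run past the input buffer, and whatever lies after it
         * on the heap is copied into the decoded pixels. */
        if (in_len - ip < 2)
            return -1;              /* truncated escape sequence */

        uint8_t count = in[ip++];
        uint8_t value = in[ip++];

        if (count > out_cap - op)
            return -1;              /* run would overflow the output */
        for (uint8_t i = 0; i < count; i++)
            out[op++] = value;
    }
    return (long)op;
}
```

Rejecting the whole stream on a truncated escape, rather than emitting a partial image, keeps malformed input from producing any rendered output.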

Affected Version(s)

DICOM Server 0 <= 1.12.10
