Heap Buffer Overflow Vulnerability in Orthanc by Team Machine Spirits
CVE-2026-5444

Currently unrated

Key Information:

Vendor: Orthanc

CVE Published: 9 April 2026

What is CVE-2026-5444?

A heap buffer overflow vulnerability is present in the image parsing logic of Orthanc, specifically when processing PAM images embedded within DICOM files. Image dimensions are handled with 32-bit unsigned arithmetic, so crafted images can trigger integer overflows during buffer size calculations. The result is an undersized buffer allocation followed by writes beyond its end during pixel processing, potentially resulting in application crashes or exploitation opportunities.
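The size calculation failure described above, as an added C example that is not Orthanc's code: it contrasts a 32-bit wrapping product with an overflow-checked one. The function names, the parameter set (width, height, depth, bytes per sample) and the 1 GiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical upper bound on a decoded image; a deployment picks its own. */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Flawed pattern: every multiplication is reduced modulo 2^32. */
uint32_t size_wrapping32(uint32_t width, uint32_t height,
                         uint32_t depth, uint32_t bytes_per_sample)
{
    return width * height * depth * bytes_per_sample;
}

/* Checked form: returns 0 and stores the byte count, or -1 to reject. */
int size_checked(uint32_t width, uint32_t height,
                 uint32_t depth, uint32_t bytes_per_sample, size_t *out)
{
    uint64_t n;

    if (width == 0 || height == 0 || depth == 0 || bytes_per_sample == 0)
        return -1;
    n = (uint64_t)width * height;   /* two 32-bit factors always fit in 64 bits */
    if (n > MAX_IMAGE_BYTES / depth)
        return -1;                  /* n * depth would exceed the cap */
    n *= depth;
    if (n > MAX_IMAGE_BYTES / bytes_per_sample)
        return -1;
    n *= bytes_per_sample;
    *out = (size_t)n;               /* n <= 2^30, so it fits in size_t */
    return 0;
}

int main(void)
{
    /* Constructed dimensions whose true product is exactly 2^32. */
    uint32_t w = 65536u, h = 65536u, d = 1u, bps = 1u;
    size_t bytes = 0;

    printf("32-bit product: %u bytes\n", (unsigned)size_wrapping32(w, h, d, bps));
    if (size_checked(w, h, d, bps, &bytes) != 0)
        printf("checked product: dimensions rejected\n");
    return 0;
}
```

A parser that validates dimensions this way before allocating never reaches the pixel loop with a buffer smaller than the header implies.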

Affected Version(s)

DICOM Server 0 <= 1.12.10

Timeline

  • Vulnerability published

  • Vulnerability Reserved
