{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5443", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-04-02T19:23:06.757Z", "datePublished": "2026-04-09T14:43:15.227Z", "dateUpdated": "2026-04-14T16:34:45.930Z"}, "containers": {"cna": {"title": "Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)", "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Orthanc", "product": "DICOM Server", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.12.10", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "references": [{"url": "https://www.orthanc-server.com/"}, {"url": "https://www.machinespirits.de/"}, {"url": "https://kb.cert.org/vuls/id/536588"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5443"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-09T14:43:15.227Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:10:56.990073Z", "id": "CVE-2026-5443", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:34:45.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-5443", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T15:10:56.990073Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:11:32.431Z"}}], "cna": {"title": "Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Orthanc", "product": "DICOM Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.12.10"}]}], "references": [{"url": "https://www.orthanc-server.com/"}, {"url": "https://www.machinespirits.de/"}, {"url": "https://kb.cert.org/vuls/id/536588"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.35", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5443"}, "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-09T14:43:15.227Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5443", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:34:45.930Z", "dateReserved": "2026-04-02T19:23:06.757Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-04-09T14:43:15.227Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*", "matchCriteriaId": "A259075D-8B77-4B04-BC42-3E5ABE9DFE1F", "versionEndExcluding": "1.12.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers."}], "id": "CVE-2026-5443", "lastModified": "2026-04-14T20:19:55.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T15:16:16.653", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://kb.cert.org/vuls/id/536588"}, {"source": "cret@cert.org", "tags": ["Not Applicable"], "url": "https://www.machinespirits.de/"}, {"source": "cret@cert.org", "tags": ["Product"], "url": "https://www.orthanc-server.com/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.12.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DICOM Server", "source": "cna", "vendor": "Orthanc"}, "product": "dicom_server", "vendor": "orthanc"}], "analysis": {"en": {"generated_at": "2026-04-15T19:37:49.985067+00:00", "value": {"mitigation_remediation": ["Apply the latest Orthanc patch as soon as it becomes available", "Verify that the patch resolves the buffer overflow by testing with malicious PALETTE COLOR files", "If a patch is not yet released, restrict external access to the DICOM service with firewalls or VPNs and monitor for anomalous image traffic"], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Any installation of Orthanc DICOM Server may be affected because the CNA record lists the product without restricting to particular releases. Users should verify the version of Orthanc in use against vendor information and plan to upgrade once a patch addresses the buffer overflow.", "description_and_impact": "Orthanc DICOM Server has a heap buffer overflow that occurs while decoding PALETTE COLOR images. The decoder multiplies image width and height using 32\u2011bit arithmetic; if this multiplication overflows, the resulting pixel length validation incorrectly succeeds. The check fails to prevent the decoder from reading and writing beyond the allocated memory, allowing the attacker to overwrite adjacent heap objects and potentially execute arbitrary code. The flaw involves a heap buffer overflow (CWE\u2011787).", "risk_and_exploitability": "The severity score of 9.8 classifies this issue as Critical, while the EPSS score of less than 1% indicates a low current likelihood of widespread exploitation. The vulnerability is not included in the CISA KEV catalog. The likely attack vector is remote, inferred from the fact that DICOM images are received over the network by the server\u2019s DICOM service; an attacker can send a specially crafted pixel array to trigger the overflow."}}}}, "created": "2026-04-10T08:53:26.721632+00:00", "updated": "2026-04-15T19:45:12.725489+00:00", "vendors": ["orthanc", "orthanc$PRODUCT$dicom_server"]}