CVE-2026-5437

HIGH 7.5

Out-of-Bounds Read in DicomStreamReader

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Vendor	orthanc
Product	dicom server
Published	Apr 9, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for orthanc dicom server

Be the first to know when new high vulnerabilities affecting orthanc dicom server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Orthanc / DICOM Server

0 ≤ 1.12.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

orthanc-server.com: https://www.orthanc-server.com/ machinespirits.de: https://www.machinespirits.de/ kb.cert.org: https://kb.cert.org/vuls/id/536588