CVE-2026-5444

HIGH 7.1

Heap Buffer Overflow in PAM Image Buffer Allocation

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.

Vendor	orthanc
Product	dicom server
Published	Apr 9, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for orthanc dicom server

Be the first to know when new high vulnerabilities affecting orthanc dicom server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Orthanc / DICOM Server

0 ≤ 1.12.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

orthanc-server.com: https://www.orthanc-server.com/ machinespirits.de: https://www.machinespirits.de/ kb.cert.org: https://kb.cert.org/vuls/id/536588