CVE-2026-5441
Published 2026-04-09
Priority P4 · 30 · high · 7.1 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 0.14% (3.4th percentile)
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | orthanc | — | — |
| orthanc-server | orthanc | < 1.12.11 | 1.12.11 |
| orthanc | dicom_server | <= 1.12.10 | — |
GHSA
GHSA-5jvx-5q86-rxx3: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder
ghsa_unreviewed·2026-04-09
VulDB
Orthanc DICOM Server up to 1.12.10 Image Parser DicomImageDecoder.cpp DecodePsmctRle1 out-of-bounds (EUVD-2026-20918)
vuldb·2026-04-09
CVE-2026-5441 [LOW] Orthanc DICOM Server up to 1.12.10 Image Parser DicomImageDecoder.cpp DecodePsmctRle1 out-of-bounds (EUVD-2026-20918)
A vulnerability described as problematic has been identified in Orthanc DICOM Server up to 1.12.10. Impacted is the function DecodePsmctRle1 of the file DicomImageDecoder.cpp of the component Image Parser. The manipulation results in out-of-bounds read.
This vulnerability is reported as CVE-2026-5441. The attack can be launched remotely. No exploit exists.
Debian
CVE-2026-5441: orthanc
vendor_debian·2026
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.