CVE-2026-5444
Published 2026-04-09
Priority: P4 (30), high
CVSS 3.1: 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
EPSS: 0.16% (5.8th percentile)
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
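The size calculation described above, as an added example that is not Orthanc's code: the wrapping 32-bit product beside a checked form a PAM decoder could run before allocating. The function names, the four-factor layout (width, height, channels, bytes per channel) and the 1 GiB cap are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound on one decoded frame; fits in size_t on 32- and 64-bit targets. */
#define MAX_PIXEL_BYTES ((uint64_t)1 << 30)

/* The pattern the advisory describes: every product is truncated to 32 bits. */
static uint32_t pam_size_wrapping(uint32_t width, uint32_t height,
                                  uint32_t channels, uint32_t bytes_per_channel)
{
    return width * height * channels * bytes_per_channel;
}

/* Hardened form: multiply one factor at a time in 64 bits, checking before each step. */
static bool pam_size_checked(uint32_t width, uint32_t height,
                             uint32_t channels, uint32_t bytes_per_channel,
                             size_t *out)
{
    const uint32_t factors[] = { width, height, channels, bytes_per_channel };
    uint64_t total = 1;

    for (size_t i = 0; i < sizeof factors / sizeof factors[0]; i++) {
        if (factors[i] == 0)
            return false;                   /* empty image: reject */
        if (total > MAX_PIXEL_BYTES / factors[i])
            return false;                   /* product would exceed the cap */
        total *= factors[i];
    }
    *out = (size_t)total;                   /* allocate and bound writes with this value */
    return true;
}

int main(void)
{
    /* Constructed header values, not taken from any real file. */
    uint32_t w = 65536, h = 65536, ch = 1, bpc = 1;
    size_t n = 0;

    printf("wrapping: %u bytes\n", (unsigned)pam_size_wrapping(w, h, ch, bpc));
    printf("checked:  %s\n",
           pam_size_checked(w, h, ch, bpc, &n) ? "accepted" : "rejected");
    return 0;
}
```

The same checked value should bound the pixel-copy loop, so the allocation size and the write length can never disagree.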
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | orthanc | — | — |
| orthanc-server | orthanc | < 1.12.11 | 1.12.11 |
| orthanc | dicom_server | <= 1.12.10 | — |
Debian
CVE-2026-5444: orthanc
vendor_debian·2026
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
VulDB
Orthanc DICOM Server up to 1.12.10 PAM Image Parser integer overflow (EUVD-2026-20924)
vuldb·2026-04-09
CVE-2026-5444 [CRITICAL] Orthanc DICOM Server up to 1.12.10 PAM Image Parser integer overflow (EUVD-2026-20924)
A vulnerability labeled as critical has been found in Orthanc DICOM Server up to 1.12.10. This vulnerability affects unknown code of the component PAM Image Parser. Executing a manipulation can lead to integer overflow.
This vulnerability is registered as CVE-2026-5444. It is possible to launch the attack remotely. No exploit is available.
GHSA
GHSA-fpm7-vpjm-5gg2: A heap buffer overflow vulnerability exists in the PAM image parsing logic
ghsa_unreviewed·2026-04-09
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
No detection rules found.
No public exploits indexed.
2026-04-09
Published