CVE-2026-5445
Published 2026-04-09
Priority: P3 48 | Severity: critical | CVSS 3.1: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.67% (47.1th percentile)
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | orthanc | — | — |
| orthanc-server | orthanc | < 1.12.11 | 1.12.11 |
| orthanc | dicom_server | <= 1.12.10 | — |
GHSA
GHSA-g69c-6pfv-54p9: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder
ghsa_unreviewed·2026-04-09
VulDB
Orthanc DICOM Server up to 1.12.10 Image Parser DicomImageDecoder.cpp DecodeLookupTable out-of-bounds (EUVD-2026-20926)
vuldb·2026-04-09
CVE-2026-5445 [LOW] Orthanc DICOM Server up to 1.12.10 Image Parser DicomImageDecoder.cpp DecodeLookupTable out-of-bounds (EUVD-2026-20926)
A vulnerability, which was classified as problematic, has been found in Orthanc DICOM Server up to 1.12.10. This affects the function DecodeLookupTable of the file DicomImageDecoder.cpp of the component Image Parser. Performing a manipulation results in out-of-bounds read.
This vulnerability is known as CVE-2026-5445. Remote exploitation of the attack is possible. No exploit is available.
Debian
CVE-2026-5445: orthanc
vendor_debian·2026
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
blogs_hackernews·2026-04-13·CVSS 8.6
[HIGH] ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
## ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically non-existent.
The variety this week is particularly nasty. We have AI models being turned into autonomous exploit engines, North Korean groups playing the long game
Wiz
CVE-2026-5445 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0
CVE-2026-5445 [CRITICAL] CVE-2026-5445 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5445: Linux Debian vulnerability analysis and mitigation
Source: NVD
Published: April 9, 2026
CNA Score: N/A
Affected Technologies: Linux Debian, Echo
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): N/A
Exploitation Probability (EPSS): N/A
Affected packages and libraries: orthanc
Sources: NVD
Debian 11, 12, 13, 14: No Fix (added at Apr 09, 2026)
Echo: No Fix (added at Apr 09, 2026)
Published: 2026-04-09