Out-of-Bounds Read in DicomStreamReader_CVE-2026-5437

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Basic Information

ID CVE-2026-5437

Source certcc

Published Apr 9, 2026 at 14:44

Modified Apr 14, 2026 at 16:34

Affected Product

Vendor Orthanc

Product DICOM Server

Affected Versions Orthanc DICOM Server 0

References

{
    "lastseen": "",
    "description": "An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.",
    "published": "2026-04-09T14:44:17.972Z",
    "modified": "2026-04-14T16:34:20.487Z",
    "type": "cve",
    "title": "Out-of-Bounds Read in DicomStreamReader",
    "source": "certcc",
    "references": "https://www.orthanc-server.com/\nhttps://www.machinespirits.de/\nhttps://kb.cert.org/vuls/id/536588",
    "id": "CVE-2026-5437",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Orthanc DICOM Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DICOM Server",
    "version": "0",
    "vendor": "Orthanc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply