Heap Buffer Overflow in DICOM Image Decoder via VR UL...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.

AI Analysis

Heap buffer overflow in DICOM image decoder via VR UL dimensions

Basic Information

ID CVE-2026-5442

Source certcc

Published Apr 9, 2026 at 14:43

Modified Apr 14, 2026 at 16:34

Affected Product

Vendor Orthanc

Product DICOM Server

Affected Versions Orthanc DICOM Server 0

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Orthanc

Product DICOM Server

References

{
    "lastseen": "",
    "description": "A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.",
    "published": "2026-04-09T14:43:43.571Z",
    "modified": "2026-04-14T16:34:39.322Z",
    "type": "cve",
    "title": "Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions",
    "source": "certcc",
    "references": "https://www.orthanc-server.com/\nhttps://www.machinespirits.de/\nhttps://kb.cert.org/vuls/id/536588",
    "id": "CVE-2026-5442",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Orthanc DICOM Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DICOM Server",
    "version": "0",
    "vendor": "Orthanc",
    "ai_description": "Heap buffer overflow in DICOM image decoder via VR UL dimensions",
    "ai_severity": "Critical",
    "ai_vendor": "Orthanc",
    "ai_product": "DICOM Server",
    "ai_version": "0",
    "ai_score": 9.8
}

Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions_CVE-2026-5442