Orthanc DICOM Server DCMTK FromDcmtkBridge.cpp read stack-based overflow_CVE-2026-10528

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. To fix this issue, it is recommended to deploy a patch.

Basic Information

ID CVE-2026-10528

Source VulDB

Published Jun 2, 2026 at 00:00

Affected Product

Vendor Orthanc

Product DICOM Server

Version 1.12.0

Affected Versions Orthanc DICOM Server 1.12.0
Orthanc DICOM Server 1.12.1
Orthanc DICOM Server 1.12.2
Orthanc DICOM Server 1.12.3
Orthanc DICOM Server 1.12.4
Orthanc DICOM Server 1.12.5
Orthanc DICOM Server 1.12.6
Orthanc DICOM Server 1.12.7
Orthanc DICOM Server 1.12.8
Orthanc DICOM Server 1.12.9
Orthanc DICOM Server 1.12.10
Orthanc DICOM Server 1.12.11

CWE Classification

CWE-121 CWE-119

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. To fix this issue, it is recommended to deploy a patch.",
    "published": "2026-06-02T00:00:17.171Z",
    "modified": "2026-06-02T00:00:17.171Z",
    "type": "cve",
    "title": "Orthanc DICOM Server DCMTK FromDcmtkBridge.cpp read stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367636\nhttps://vuldb.com/vuln/367636/cti\nhttps://vuldb.com/cve/CVE-2026-10528\nhttps://vuldb.com/submit/820766\nhttps://orthanc.uclouvain.be/bugs/show_bug.cgi?id=258\nhttps://orthanc.uclouvain.be/bugs/show_bug.cgi?id=258#c4\nhttps://orthanc.uclouvain.be/bugs/attachment.cgi?id=150\nhttps://orthanc.uclouvain.be/hg/orthanc/rev/bae99026ca97",
    "id": "CVE-2026-10528",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Orthanc DICOM Server 1.12.0\nOrthanc DICOM Server 1.12.1\nOrthanc DICOM Server 1.12.2\nOrthanc DICOM Server 1.12.3\nOrthanc DICOM Server 1.12.4\nOrthanc DICOM Server 1.12.5\nOrthanc DICOM Server 1.12.6\nOrthanc DICOM Server 1.12.7\nOrthanc DICOM Server 1.12.8\nOrthanc DICOM Server 1.12.9\nOrthanc DICOM Server 1.12.10\nOrthanc DICOM Server 1.12.11",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DICOM Server",
    "version": "1.12.0",
    "vendor": "Orthanc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}