ГлавнаяУязвимости → CVE-2026-5441
7.1высокая

CVE-2026-5441

Описание

An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.

Затрагиваемое ПО
Orthanc-server Orthanc
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Источники
https://kb.cert.org/vuls/id/536588https://www.machinespirits.de/https://www.orthanc-server.com/