UNKNOWN Severity
CVE-2026-5439
Last updated Apr 09, 2026 · Published Apr 09, 2026
Description
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
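A defensive pattern for the weakness described above, shown as an added example in Python rather than Orthanc's own code or its fix: the declared uncompressed size is used only to reject an archive early, and extraction streams in bounded chunks while counting the bytes actually produced. The cap values, function names and the sample archive are assumptions made for illustration.

```python
import io
import zipfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024   # assumed per-file cap; tune per deployment
MAX_TOTAL_BYTES = 256 * 1024 * 1024   # assumed cap for the whole archive
CHUNK = 64 * 1024                     # read size; bounds each allocation step


class ArchiveTooLarge(Exception):
    """Raised when an archive would exceed the configured extraction caps."""


def safe_extract(data, max_member=MAX_MEMBER_BYTES, max_total=MAX_TOTAL_BYTES):
    """Return {name: bytes} for a ZIP held in memory, enforcing size caps."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # 1. The declared size is attacker-controlled metadata: use it only
            #    to reject early, never to size a buffer up front.
            if info.file_size > max_member:
                raise ArchiveTooLarge(f"{info.filename}: declared {info.file_size} bytes")
            # 2. Count bytes actually produced while inflating, so the caps
            #    hold regardless of what the header claims.
            buf = bytearray()
            with zf.open(info) as member:
                while True:
                    chunk = member.read(CHUNK)
                    if not chunk:
                        break
                    buf += chunk
                    total += len(chunk)
                    if len(buf) > max_member or total > max_total:
                        raise ArchiveTooLarge(f"{info.filename}: cap exceeded while inflating")
            out[info.filename] = bytes(buf)
    return out


def build_sample_zip(files):
    """Constructed sample input: a well-formed ZIP built from {name: bytes}."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in files.items():
            zf.writestr(name, payload)
    return bio.getvalue()
```
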
Affected products
1 listed
- Orthanc:DICOM Server
Mappings
CWE
CWE-770
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use.
