JustAppSec
UNKNOWN Severity

CVE-2026-5441

Last updated Apr 09, 2026 · Published Apr 09, 2026

← Back to list

Description

An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.

Affected products

1 listed
  • Orthanc:DICOM Server

Mappings

CWE

CWE-125

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.