{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5444", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-04-02T19:23:20.072Z", "datePublished": "2026-04-09T14:42:30.696Z", "dateUpdated": "2026-04-09T14:42:30.696Z"}, "containers": {"cna": {"title": "Heap Buffer Overflow in PAM Image Buffer Allocation", "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Orthanc", "product": "DICOM Server", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.12.10", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "references": [{"url": "https://www.orthanc-server.com/"}, {"url": "https://www.machinespirits.de/"}, {"url": "https://kb.cert.org/vuls/id/536588"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5444"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-09T14:42:30.696Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing."}], "id": "CVE-2026-5444", "lastModified": "2026-04-09T15:16:16.760", "metrics": {}, "published": "2026-04-09T15:16:16.760", "references": [{"source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/536588"}, {"source": "cret@cert.org", "url": "https://www.machinespirits.de/"}, {"source": "cret@cert.org", "url": "https://www.orthanc-server.com/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.12.10]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DICOM Server", "source": "cna", "vendor": "Orthanc"}, "product": "dicom_server", "vendor": "orthanc"}], "analysis": {"en": {"generated_at": "2026-04-09T16:25:33.240751+00:00", "value": {"mitigation_remediation": ["Check the Orthanc website or vendor support for an official patch and apply it immediately.", "If no patch is available, temporarily disable support for PAM images or filter incoming DICOM files to block those containing PAM data.", "Continuously monitor Orthanc logs for failures or abnormal activity that might indicate exploitation attempts."], "summary": {"action": "Patch Now", "impact": "Heap Buffer Overflow leading to potential remote code execution"}, "threat_synthesis": {"affected_systems": "Orthanc, the open-source DICOM Server, is affected; all installations that accept DICOM files containing PAM images are at risk and, because no version limits are provided, every current release should be considered vulnerable until a vendor fix is released.", "description_and_impact": "A heap buffer overflow exists in Orthanc when it parses a PAM image embedded in a DICOM file; the software multiplies image dimensions with 32\u2011bit unsigned arithmetic, and deliberately chosen values cause an integer overflow that results in a small buffer being allocated while pixel processing writes beyond its bounds, corrupting memory and potentially allowing an attacker to execute arbitrary code if the server processes untrusted files.", "risk_and_exploitability": "The CVSS score is not supplied, but the absence of a patch and the ability for an attacker to trigger the flaw remotely by crafting a DICOM file suggest high exploitability; EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, yet the attack vector is remote over the network where malicious DICOM uploads are processed, posing a significant threat to exposed servers."}}}}, "created": "2026-04-10T08:53:28.731209+00:00", "updated": "2026-04-10T09:32:41.197915+00:00", "vendors": ["orthanc", "orthanc$PRODUCT$dicom_server"], "weaknesses": ["CWE-680", "CWE-122"]}