Orthanc
CPE: cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*
Affected versions: <= 1.12.10
An out-of-bounds read vulnerability has been identified in the Orthanc DICOM Server image decoding component, specifically in the 'DecodePsmctRle1' function of 'DicomImageDecoder.cpp'. It affects versions through 1.12.10. The flaw lies in the 'PMSCT_RLE1' decompression routine, which does not properly validate escape markers that occur near the end of the compressed data stream. A crafted sequence can therefore cause the decoder to read beyond the allocated buffer, leaking heap data into the rendered image output.
Exploitation of this vulnerability causes a heap-based out-of-bounds read, allowing the decoder to access memory beyond allocated buffers. This can result in the exposure of heap-resident data, including allocator metadata and portions of adjacent DICOM content, through the output image.
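The defect class described above, an escape-marker decoder that reads its operands without first checking how much input remains, is illustrated below with an added example. This is not Orthanc's code and does not implement the real PMSCT_RLE1 format: it is a constructed toy escape-based RLE format (escape byte 0xA5, followed by a count byte and a value byte, both hypothetical) whose decoder performs the remaining-length check before every operand read and a capacity check before every write, so a marker that lands in the last one or two positions of the stream is rejected instead of being decoded from bytes past the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical escape byte for this toy format (constructed; not the
   marker used by PMSCT_RLE1). */
#define RLE_ESCAPE 0xA5

/* Decode a toy escape-based RLE stream into out.
 * Encoding: any byte other than RLE_ESCAPE is a literal; RLE_ESCAPE is
 * followed by <count> <value> and expands to <count> copies of <value>.
 * Returns the number of bytes written, or -1 on truncated or malformed
 * input. Every read of an escape operand is preceded by a remaining-length
 * check, which is the kind of validation the advisory describes as missing
 * for markers near the end of the compressed stream. */
long rle_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t b = in[ip++];
        if (b != RLE_ESCAPE) {
            if (op >= out_cap) return -1;   /* output bounds check */
            out[op++] = b;
            continue;
        }
        /* Escape marker: it needs two more input bytes. If fewer remain,
           the stream is truncated; refuse rather than read past its end. */
        if (in_len - ip < 2) return -1;
        uint8_t count = in[ip++];
        uint8_t value = in[ip++];
        if (count == 0) return -1;           /* zero-length run is malformed here */
        if (out_cap - op < count) return -1; /* run must fit in the output */
        memset(out + op, value, count);
        op += count;
    }
    return (long)op;
}

/* Self-checks on constructed inputs; each returns 1 on the expected outcome. */
int check_valid_stream(void)
{
    static const uint8_t in[]   = {0x01, RLE_ESCAPE, 0x03, 0x42, 0x02};
    static const uint8_t want[] = {0x01, 0x42, 0x42, 0x42, 0x02};
    uint8_t out[16];
    long n = rle_decode_checked(in, sizeof in, out, sizeof out);
    return n == 5 && memcmp(out, want, 5) == 0;
}

int check_truncated_escape(void)
{
    /* Marker plus count byte, value byte missing: must be rejected. */
    static const uint8_t in[] = {0x01, RLE_ESCAPE, 0x03};
    uint8_t out[16];
    return rle_decode_checked(in, sizeof in, out, sizeof out) == -1;
}

int check_trailing_escape(void)
{
    /* Marker as the very last byte of the stream: must be rejected. */
    static const uint8_t in[] = {0x01, RLE_ESCAPE};
    uint8_t out[16];
    return rle_decode_checked(in, sizeof in, out, sizeof out) == -1;
}

int check_output_overflow(void)
{
    /* A 16-byte run into a 4-byte output buffer: must be rejected. */
    static const uint8_t in[] = {RLE_ESCAPE, 0x10, 0x00};
    uint8_t out[4];
    return rle_decode_checked(in, sizeof in, out, sizeof out) == -1;
}

int main(void)
{
    printf("valid stream:      %s\n", check_valid_stream()     ? "ok" : "FAIL");
    printf("truncated escape:  %s\n", check_truncated_escape() ? "ok" : "FAIL");
    printf("trailing escape:   %s\n", check_trailing_escape()  ? "ok" : "FAIL");
    printf("output overflow:   %s\n", check_output_overflow()  ? "ok" : "FAIL");
    return 0;
}
```

The two checks that matter are `in_len - ip < 2` before the operand reads and `out_cap - op < count` before the write; a decoder that trusts the marker and indexes `in[ip+1]` without the first check has exactly the heap over-read shape the advisory describes, and fuzzing the decoder with truncated streams is the simplest way to confirm such a check is present.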
Users are advised to upgrade to Orthanc version 1.12.11, which addresses this vulnerability. Consult the Orthanc documentation and release notes for guidance on patching and deployment.