Orthanc
cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*
- <= 1.12.10
A heap buffer overflow vulnerability has been identified in Orthanc DICOM Server versions through 1.12.10. The issue arises in the DICOM image decoder, where dimension fields are incorrectly encoded using Value Representation (VR) Unsigned Long (UL) instead of the expected VR Unsigned Short (US). This discrepancy allows the processing of excessively large dimensions, leading to an integer overflow during frame size calculation. Consequently, the vulnerability causes out-of-bounds memory access during image decoding, potentially allowing for memory corruption or arbitrary code execution.
Exploitation of this vulnerability leads to heap memory corruption, with the possibility of crashing the Orthanc process. Under certain conditions, this vulnerability could be exploited to execute arbitrary code remotely.
Users are advised to upgrade to Orthanc version 1.12.11, which addresses this vulnerability. Consult the Orthanc documentation and release notes for guidance on patching and deployment.
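To make the mitigation concrete, here is an added defensive example (not Orthanc's own code) of a frame-size computation that enforces the 16-bit VR US range on the dimension fields, uses checked multiplication so the size can never wrap, and refuses to decode when the computed size exceeds the pixel data actually present. The struct, its field names and the 1 GiB policy cap are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical decoder-side view of the image geometry. In DICOM, Rows,
 * Columns and Samples per Pixel are VR US, so none of them may
 * legitimately exceed 16 bits, whatever VR the file claims for them. */
typedef struct {
    uint32_t rows;
    uint32_t columns;
    uint32_t samples_per_pixel;
    uint32_t bytes_per_sample;   /* derived from Bits Allocated */
    uint32_t frames;             /* Number of Frames */
} frame_geometry_t;

/* Assumed policy cap on a single decode, independent of wraparound. */
#define MAX_PIXEL_DATA_BYTES ((size_t)1 << 30)

/* Multiply without wrapping: false if a*b does not fit in size_t. */
static bool mul_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Computes the byte size of the pixel data described by g. Returns false
 * (and decoding must stop) when a dimension is zero or outside the VR US
 * range, when the product would overflow, when it exceeds the policy cap,
 * or when it is larger than the pixel data actually received, so that no
 * read can run past the buffer. */
bool compute_frame_size(const frame_geometry_t *g, size_t available_bytes,
                        size_t *out_bytes) {
    if (g->rows == 0 || g->columns == 0 || g->samples_per_pixel == 0 ||
        g->bytes_per_sample == 0 || g->frames == 0)
        return false;
    /* Dimensions that only fit in a 32-bit VR UL are rejected outright. */
    if (g->rows > UINT16_MAX || g->columns > UINT16_MAX ||
        g->samples_per_pixel > UINT16_MAX)
        return false;
    size_t n;
    if (!mul_checked(g->rows, g->columns, &n) ||
        !mul_checked(n, g->samples_per_pixel, &n) ||
        !mul_checked(n, g->bytes_per_sample, &n) ||
        !mul_checked(n, g->frames, &n))
        return false;
    if (n > MAX_PIXEL_DATA_BYTES || n > available_bytes) return false;
    *out_bytes = n;
    return true;
}
```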