Orthanc
cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*
- <= 1.12.10
A heap buffer overflow has been identified in Orthanc DICOM Server in versions up to and including 1.12.10. The bug is in the decoding of DICOM images whose photometric interpretation is 'PALETTE COLOR': the check that validates the Pixel Data length computes width times height in 32-bit arithmetic, so a DICOM file with sufficiently large image dimensions makes the product wrap, an undersized pixel buffer passes validation, and the decoder then reads and writes beyond the memory it allocated.
Triggering the overflow corrupts heap memory. The immediate effect is a crash of the Orthanc process (denial of service); under certain conditions the corruption could be leveraged to execute arbitrary code remotely.
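To make the 32-bit multiplication failure concrete, the following C program is an added illustration; it is not Orthanc's code and does not reproduce the real decoder. It models a Pixel Data length check computed in 32 bits next to an overflow-checked version, and shows how many bytes a decoder trusting the weak check would run past the buffer. The struct, field names, function names and the sample dimensions are assumptions chosen to make the wrap visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Orthanc's code: models a Pixel Data length check
 * that computes width * height in 32-bit arithmetic (the bug class described
 * above) next to an overflow-checked version. Field names and the sample
 * dimensions below are assumptions chosen to make the wrap visible. */

/* Hypothetical header as a decoder would read it from the DICOM dataset:
 * Rows and Columns come from the file, so an attacker controls them. */
typedef struct {
    uint32_t width;            /* Columns (0028,0011) */
    uint32_t height;           /* Rows (0028,0010) */
    uint32_t bytes_per_pixel;  /* 1 for an 8-bit PALETTE COLOR index image */
    size_t   pixel_data_len;   /* bytes actually present in Pixel Data (7FE0,0010) */
} image_header_t;

/* Vulnerable pattern: uint32_t * uint32_t wraps modulo 2^32, so a huge image
 * can produce a small "expected" size and an undersized buffer passes. */
bool validate_pixel_length_32bit(const image_header_t *h) {
    uint32_t expected = h->width * h->height * h->bytes_per_pixel;
    return h->pixel_data_len >= expected;
}

/* Overflow-checked multiply in size_t; returns false instead of wrapping. */
bool checked_mul_size(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) {
        return false;
    }
    *out = a * b;
    return true;
}

/* Hardened pattern: every product is overflow-checked, and a wrap is treated
 * as a reason to reject the image, never as a valid size. */
bool validate_pixel_length_checked(const image_header_t *h) {
    size_t area, expected;
    if (!checked_mul_size(h->width, h->height, &area)) return false;
    if (!checked_mul_size(area, h->bytes_per_pixel, &expected)) return false;
    return h->pixel_data_len >= expected;
}

/* Bytes past the end of Pixel Data that a decoder trusting the 32-bit check
 * would touch for this header (0 when the buffer really is large enough).
 * Computed in 64 bits so that this calculation cannot wrap itself. */
uint64_t overrun_bytes(const image_header_t *h) {
    uint64_t needed = (uint64_t)h->width * h->height * h->bytes_per_pixel;
    return needed > h->pixel_data_len ? needed - h->pixel_data_len : 0;
}

/* Constructed sample: 65536 x 65537 wraps to 65536 in 32 bits, so a 64 KiB
 * Pixel Data element satisfies the 32-bit check although the image really
 * needs 4 GiB plus 64 KiB. */
static const image_header_t crafted_header = { 65536u, 65537u, 1u, 65536u };

/* Constructed sample: an ordinary 512 x 512 8-bit image with a full buffer. */
static const image_header_t benign_header = { 512u, 512u, 1u, 512u * 512u };

int main(void) {
    printf("crafted: 32-bit check %s, checked version %s, overrun %llu bytes\n",
           validate_pixel_length_32bit(&crafted_header) ? "accepts" : "rejects",
           validate_pixel_length_checked(&crafted_header) ? "accepts" : "rejects",
           (unsigned long long)overrun_bytes(&crafted_header));
    printf("benign:  32-bit check %s, checked version %s, overrun %llu bytes\n",
           validate_pixel_length_32bit(&benign_header) ? "accepts" : "rejects",
           validate_pixel_length_checked(&benign_header) ? "accepts" : "rejects",
           (unsigned long long)overrun_bytes(&benign_header));
    return 0;
}
```

The crafted header passes the 32-bit check with a 64 KiB buffer while the true pixel count calls for over 4 GiB, which is the gap a decoder loop would read and write across. The checked version rejects it on both 32-bit and 64-bit builds: on 32-bit the first multiplication overflows size_t and is refused, on 64-bit the product is computed correctly and the buffer is found too small.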
Users are advised to upgrade to Orthanc version 1.12.11 or later. The version a running server reports can be confirmed with a GET request to its /system REST endpoint, which includes a "Version" field. Consult the Orthanc documentation and release notes for guidance on patching and deployment.