7.5

CVE-2026-5437

Medienbericht

EPSS 0.01%
Veröffentlicht 09.04.2026 14:44:17
Zuletzt bearbeitet 15.04.2026 19:14:31
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Orthanc-server ≫ Orthanc Version < 1.12.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html

Medienbericht

TheHackersNews

13.04.2026 16:21

https://www.orthanc-server.com/

Product

https://www.machinespirits.de/

Not Applicable

https://kb.cert.org/vuls/id/536588

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2026-5437

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5437

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5437

EUVD