CVE-2026-5437

Medienbericht

EPSS 0.64%
Veröffentlicht 09.04.2026 14:44:17
Zuletzt bearbeitet 15.04.2026 19:14:31
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Out-of-Bounds Read in DicomStreamReader

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Orthanc-server ≫ Orthanc Version < 1.12.11

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.459

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

13.04.2026 16:21

https://www.orthanc-server.com/

Product

https://www.machinespirits.de/

Not Applicable

https://kb.cert.org/vuls/id/536588

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2026-5437

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5437

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5437

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5437