CVE-2026-5445

Medienbericht

EPSS 0.67%
Veröffentlicht 09.04.2026 14:42:51
Zuletzt bearbeitet 14.04.2026 20:10:01
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable)

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Orthanc-server ≫ Orthanc Version < 1.12.11

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.67%	0.469

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

13.04.2026 16:21

https://www.orthanc-server.com/

Product

https://www.machinespirits.de/

Not Applicable

https://kb.cert.org/vuls/id/536588

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2026-5445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5445

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5445