9.1

CVE-2026-5445

Medienbericht

EPSS 0.02%
Veröffentlicht 09.04.2026 14:42:51
Zuletzt bearbeitet 14.04.2026 20:10:01
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Orthanc-server ≫ Orthanc Version < 1.12.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://thehackernews.com/2026/04/weekly-recap-fiber-optic-spying-windows.html

Medienbericht

TheHackersNews

13.04.2026 16:21

https://www.orthanc-server.com/

Product

https://www.machinespirits.de/

Not Applicable

https://kb.cert.org/vuls/id/536588

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2026-5445

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5445

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5445

EUVD