CVE-2026-5441 | THREATINT

Description

An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.

PUBLISHED Reserved 2026-04-02 | Published 2026-04-09 | Updated 2026-04-14 | Assigner certcc

Problem types

CWE-125 Out-of-bounds Read

Product status

Any version

affected

References

www.orthanc-server.com/

www.machinespirits.de/

kb.cert.org/vuls/id/536588

cve.org (CVE-2026-5441)

nvd.nist.gov (CVE-2026-5441)

Download JSON