CVE-2026-5442 | THREATINT

Description

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.

PUBLISHED Reserved 2026-04-02 | Published 2026-04-09 | Updated 2026-04-14 | Assigner certcc

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Any version

affected

References

www.orthanc-server.com/

www.machinespirits.de/

kb.cert.org/vuls/id/536588

cve.org (CVE-2026-5442)

nvd.nist.gov (CVE-2026-5442)

Download JSON