CVE-2026-5441
Out-of-Bounds Read in Philips PMSCT_RLE1 Decoder Leaks Heap Data
Publication date: 2026-04-09
Last updated on: 2026-04-14
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| orthanc-server | orthanc | up to 1.12.11 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability can lead to heap memory contents leaking into the rendered image output when an image compressed with the Philips Compression format is decoded.
This could expose sensitive or confidential data that resides in memory, potentially leading to information disclosure.
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the DecodePsmctRle1 function of DicomImageDecoder.cpp. Specifically, the PMSCT_RLE1 decompression routine, which handles the proprietary Philips Compression format, fails to properly validate escape markers near the end of the compressed data stream.
Because of this missing validation, a specially crafted sequence placed at the end of the buffer can cause the decoder to read memory beyond the allocated region, and the bytes read past the end of the buffer end up as pixel data in the rendered image, leaking heap contents.
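The defensive pattern the description points at, as an added example that is not Orthanc's code and does not reproduce the PMSCT_RLE1 layout: the run-length format below (a 0xFF escape byte followed by a count and a value, anything else a literal) is constructed for illustration only. The point it demonstrates is that a decoder must confirm the whole escape sequence fits inside the remaining input before touching the bytes after the marker; the `in_len - ip < 2` check is what turns a heap over-read on a truncated tail into a clean decode error. Both the format and all sample streams are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy run-length format, constructed for this example (NOT the Philips
 * PMSCT_RLE1 layout): ESC introduces a two-byte run <count><value>;
 * any other byte is a single literal. */
#define ESC 0xFF

/* Decode `in` into `out`. Returns the number of bytes written, or -1 if the
 * stream is malformed (truncated escape) or the output would overflow. */
long rle_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t b = in[ip++];
        if (b != ESC) {
            if (op >= out_cap) return -1;      /* output bound */
            out[op++] = b;
            continue;
        }
        /* Escape marker: two more input bytes are required. A decoder that
         * omits this check reads in[in_len] and in[in_len+1] when the escape
         * is the last byte of the buffer, i.e. past the heap allocation. */
        if (in_len - ip < 2) return -1;
        uint8_t count = in[ip++];
        uint8_t value = in[ip++];
        if (out_cap - op < count) return -1;   /* run must fit in output */
        memset(out + op, value, count);
        op += count;
    }
    return (long)op;
}

/* Exercise the decoder on constructed streams; returns 1 if every case
 * behaves as intended (valid stream decodes, truncated tails are rejected). */
int demo(void)
{
    uint8_t out[16];
    static const uint8_t ok[]         = {0x01, ESC, 0x03, 0xAA, 0x02};
    static const uint8_t tail_esc[]   = {0x01, ESC};        /* ESC is last byte */
    static const uint8_t tail_short[] = {0x01, ESC, 0x03};  /* count, no value */

    if (rle_decode_checked(ok, sizeof ok, out, sizeof out) != 5) return 0;
    if (memcmp(out, "\x01\xAA\xAA\xAA\x02", 5) != 0) return 0;
    if (rle_decode_checked(tail_esc, sizeof tail_esc, out, sizeof out) != -1) return 0;
    if (rle_decode_checked(tail_short, sizeof tail_short, out, sizeof out) != -1) return 0;
    if (rle_decode_checked(ok, sizeof ok, out, 2) != -1) return 0;  /* output cap */
    return 1;
}

int main(void)
{
    printf("all decoder checks passed: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```

The same shape of check applies to any escape-driven codec: compute the remaining input length once, compare it against the full size of the escape sequence before reading any of it, and fail the decode rather than substituting whatever happens to follow the buffer.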