An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Orthanc |
|
No data.
No data.
References
History
Fri, 10 Apr 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-125 CWE-20 |
Fri, 10 Apr 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Orthanc
Orthanc dicom Server |
|
| Vendors & Products |
Orthanc
Orthanc dicom Server |
Thu, 09 Apr 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output. | |
| Title | Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 Decompression) | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2026-04-09T14:42:04.597Z
Updated: 2026-04-09T14:42:04.597Z
Reserved: 2026-04-02T19:22:35.863Z
Link: CVE-2026-5441
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-04-09T15:16:16.443
Modified: 2026-04-09T15:16:16.443
Link: CVE-2026-5441
Redhat
No data.