High severity7.1NVD Advisory· Published Apr 9, 2026· Updated Apr 14, 2026

CVE-2026-5441

Description

An out-of-bounds read vulnerability exists in the DecodePsmctRle1 function of DicomImageDecoder.cpp. The PMSCT_RLE1 decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.

Affected products

Orthanc Server/Orthanc
cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*
Range: <1.12.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.cert.org/vuls/id/536588nvdThird Party AdvisoryVDB Entry
www.machinespirits.denvdNot Applicable
www.orthanc-server.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000