VDB

CVE-2026-5437

CVE-2026-5437 PUBLISHED

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

EPSS 0.06% · 18.1th percentile

Risk Scores

EPSS Score
0.06%
18.1th percentile

Affected Products

VendorProductVersions
OrthancDICOM Server0

Timeline

  • Apr 9, 2026 CVE Published
  • Apr 9, 2026 PoC Published
  • Apr 9, 2026 Security Advisory
  • Apr 10, 2026 EPSS Score
  • Apr 14, 2026 CVE Updated
  • Apr 16, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›