VDB
CVE-2026-5437
CVE-2026-5437
PUBLISHED
An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
EPSS 0.06% · 18.1th percentile
Risk Scores
EPSS Score
0.06%
18.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Orthanc | DICOM Server | 0 |
Timeline
- Apr 9, 2026 CVE Published
- Apr 9, 2026 PoC Published
- Apr 9, 2026 Security Advisory
- Apr 10, 2026 EPSS Score
- Apr 14, 2026 CVE Updated
- Apr 16, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score