VDB
CVE-2026-5445
CVE-2026-5445
PUBLISHED
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
EPSS 0.07% · 21.1th percentile
Risk Scores
EPSS Score
0.07%
21.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Orthanc | DICOM Server | 0 |
Timeline
- Apr 9, 2026 CVE Published
- Apr 9, 2026 PoC Published
- Apr 9, 2026 Security Advisory
- Apr 10, 2026 EPSS Score
- Apr 14, 2026 CVE Updated
- Apr 15, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score