VDB

CVE-2026-5445

CVE-2026-5445 PUBLISHED

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

EPSS 0.07% · 21.1th percentile

Risk Scores

EPSS Score
0.07%
21.1th percentile

Affected Products

VendorProductVersions
OrthancDICOM Server0

Timeline

  • Apr 9, 2026 CVE Published
  • Apr 9, 2026 PoC Published
  • Apr 9, 2026 Security Advisory
  • Apr 10, 2026 EPSS Score
  • Apr 14, 2026 CVE Updated
  • Apr 15, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›