CVE-2026-5444
Published: 09 April 2026
Summary
CVE-2026-5444 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Orthanc-Server Orthanc. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the heap buffer overflow in Orthanc's PAM image parsing by requiring timely application of vendor patches addressing the integer overflow in buffer size calculation.
- Requires validation of image dimensions and sizes in crafted PAM images within DICOM files to prevent integer overflows during buffer allocation.
- Implements memory protections such as heap hardening and bounds checking to mitigate exploitation of the heap buffer overflow during pixel processing writes.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is triggered by processing a crafted DICOM file (T1204.002, Malicious File); the resulting heap buffer overflow enables application crashes (T1499.004, Application or System Exploitation).
NVD Description
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
Deeper analysis
CVE-2026-5444 is a heap buffer overflow vulnerability in the PAM image parsing logic of Orthanc. The issue arises when Orthanc processes a crafted PAM image embedded in a DICOM file, where image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values trigger an integer overflow during buffer size calculation, resulting in allocation of a small buffer followed by a much larger write operation during pixel processing. It is classified under CWE-787 with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and was published on 2026-04-09.
Exploitation requires local access, low attack complexity, no privileges, and user interaction, such as processing a malicious DICOM file. A local attacker can achieve high integrity and availability impacts, with no confidentiality impact, potentially leading to data corruption or system crashes via the buffer overflow.
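The failure mode described above (a 32-bit product of image dimensions that wraps, so the allocation is far smaller than the pixel data later written) is illustrated below with an added example. This is not Orthanc's code and does not reproduce its PAM parser; the header fields, the function names and the 512 MiB policy limit are assumptions chosen for the illustration. It shows the weak size computation next to a hardened version that multiplies in 64 bits with explicit overflow checks and rejects oversized or malformed dimensions before any buffer is allocated.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical policy limit on decoded pixel data (assumption, not Orthanc's). */
#define PAM_MAX_PIXEL_BYTES (512ull * 1024 * 1024)

/* Weak pattern: width * height * depth * bytes_per_sample computed in
 * 32-bit unsigned arithmetic. Each step wraps modulo 2^32, so an
 * oversized image can produce a small (even zero) allocation size. */
uint32_t pam_size_unchecked(uint32_t w, uint32_t h, uint32_t d, uint32_t bps)
{
    uint32_t n = w;
    n *= h;    /* wraps silently when w * h >= 2^32 */
    n *= d;
    n *= bps;
    return n;
}

/* The number of bytes the pixel-processing loop would actually write,
 * computed without wrapping, for comparison with the weak result. */
uint64_t pam_true_size(uint32_t w, uint32_t h, uint32_t d, uint32_t bps)
{
    return (uint64_t)w * h * d * bps;
}

/* Checked 64-bit multiply: returns 0 (and leaves *out untouched) on overflow. */
static int checked_mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Hardened pattern: validate each dimension, multiply with overflow checks,
 * and enforce an upper bound before allocating. Returns 1 and stores the
 * size in *out (if out is non-NULL) when the header is acceptable, else 0. */
int pam_size_checked(uint32_t w, uint32_t h, uint32_t d, uint32_t bps, size_t *out)
{
    /* PAM: DEPTH is the channel count; MAXVAL <= 255 or <= 65535 gives 1 or 2 bytes per sample. */
    if (w == 0 || h == 0 || d == 0 || d > 4)
        return 0;
    if (bps != 1 && bps != 2)
        return 0;

    uint64_t n;
    if (!checked_mul_u64(w, h, &n))   return 0;
    if (!checked_mul_u64(n, d, &n))   return 0;
    if (!checked_mul_u64(n, bps, &n)) return 0;

    if (n > PAM_MAX_PIXEL_BYTES || n > (uint64_t)SIZE_MAX)
        return 0;

    if (out)
        *out = (size_t)n;
    return 1;
}

int main(void)
{
    /* Constructed header values for the demonstration (not from any real file). */
    uint32_t cases[][4] = {
        { 512u,   512u,   3u, 1u },   /* ordinary RGB image */
        { 65536u, 65537u, 1u, 1u },   /* product exceeds 2^32: 32-bit result wraps to 65536 */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t *c = cases[i];
        size_t sz = 0;
        int ok = pam_size_checked(c[0], c[1], c[2], c[3], &sz);
        printf("%ux%u depth=%u bps=%u: unchecked=%u true=%llu checked=%s\n",
               c[0], c[1], c[2], c[3],
               pam_size_unchecked(c[0], c[1], c[2], c[3]),
               (unsigned long long)pam_true_size(c[0], c[1], c[2], c[3]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The second constructed case is the shape of the defect: the wrapped 32-bit size is 65536 bytes, while the pixel loop would write just over 4 GiB, which is exactly the "small buffer followed by a much larger write" pattern the advisory describes. The hardened function never reaches allocation for such a header; an explicit upper bound is kept alongside the overflow check because a product that fits in 64 bits can still be an unreasonable allocation for a DICOM frame.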
Mitigation details are available in related advisories, including CERT KB at https://kb.cert.org/vuls/id/536588, the Orthanc website at https://www.orthanc-server.com/, and https://www.machinespirits.de/.
Details
- CWE(s)