DEBIAN-CVE-2026-5441
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-5441
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5441.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-5441
- Upstream
- Published
- 2026-04-09T15:16:16.443Z
- Modified
- 2026-06-15T19:06:31.179759946Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds read vulnerability exists in the
DecodePsmctRle1function ofDicomImageDecoder.cpp. ThePMSCT_RLE1decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output. - References
Affected packages
Debian:11 / orthanc
Package
- Name
- orthanc
- Purl
- pkg:deb/debian/orthanc?arch=source&distro=bullseye
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.9.2+really1.9.1+dfsg-1
1.9.2+really1.9.1+dfsg-1+deb11u1
1.9.2+really1.9.1+dfsg-1+deb11u2
1.9.3+dfsg-1
1.9.5+dfsg-1
1.9.6+dfsg-1
1.9.7+dfsg-1
1.9.7+dfsg-2
1.9.7+dfsg-3
1.9.7+dfsg-4
1.9.7+dfsg-5
1.9.7+dfsg-6
1.10.0+dfsg-1
1.10.1+dfsg-1
1.10.1+dfsg-2
1.12.1+dfsg-1
1.12.1+dfsg-2
1.12.1+dfsg-3
1.12.1+dfsg-4
1.12.2+dfsg-1
1.12.3+dfsg-1
1.12.3+dfsg-2
1.12.4+dfsg-1
1.12.4+dfsg-2
1.12.4+dfsg-3
1.12.4+dfsg-4
1.12.5+dfsg-1
1.12.5+dfsg-2
1.12.6+dfsg-1
1.12.7+dfsg-1
1.12.7+dfsg-2
1.12.7+dfsg-3
1.12.7+dfsg-4
1.12.9+dfsg-1
1.12.9+dfsg-2
1.12.10+dfsg-1
1.12.10+dfsg-2
1.12.10+dfsg-3
1.12.10+dfsg-4
1.12.10+dfsg-5
1.12.11+dfsg-1
1.12.11+dfsg-2
1.12.11+dfsg-3
1.12.11+dfsg-4
1.12.11+dfsg-5
1.12.11+dfsg-6
1.12.11+dfsg-7
Debian:12 / orthanc
Package
- Name
- orthanc
- Purl
- pkg:deb/debian/orthanc?arch=source&distro=bookworm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.10.1+dfsg-2
1.10.1+dfsg-2+deb12u1
1.12.1+dfsg-1
1.12.1+dfsg-2
1.12.1+dfsg-3
1.12.1+dfsg-4
1.12.2+dfsg-1
1.12.3+dfsg-1
1.12.3+dfsg-2
1.12.4+dfsg-1
1.12.4+dfsg-2
1.12.4+dfsg-3
1.12.4+dfsg-4
1.12.5+dfsg-1
1.12.5+dfsg-2
1.12.6+dfsg-1
1.12.7+dfsg-1
1.12.7+dfsg-2
1.12.7+dfsg-3
1.12.7+dfsg-4
1.12.9+dfsg-1
1.12.9+dfsg-2
1.12.10+dfsg-1
1.12.10+dfsg-2
1.12.10+dfsg-3
1.12.10+dfsg-4
1.12.10+dfsg-5
1.12.11+dfsg-1
1.12.11+dfsg-2
1.12.11+dfsg-3
1.12.11+dfsg-4
1.12.11+dfsg-5
1.12.11+dfsg-6
1.12.11+dfsg-7
Debian:13 / orthanc
Package
- Name
- orthanc
- Purl
- pkg:deb/debian/orthanc?arch=source&distro=trixie
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / orthanc
Package
- Name
- orthanc
- Purl
- pkg:deb/debian/orthanc?arch=source&distro=forky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.12.10+dfsg-4