Product
orthanc server orthanc
12 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-5445
CVE-2026-5444
CVE-2026-5443
CVE-2026-5442
CVE-2026-5441
CVE-2026-5440
CVE-2026-5439
CVE-2026-5438
CVE-2026-5437
CVE-2025-0896
CVE-2024-22725
CVE-2023-33466
< 1.12.11
An out-of-bounds read vulnerability exists in the DecodeLookupTable function within DicomImageDecoder.cpp. The lookup-table de
< 1.12.11
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in
< 1.12.11
A heap buffer overflow vulnerability exists during the decoding of PALETTE COLOR DICOM images. Pixel length validation uses 32-b
< 1.12.11
A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (V
< 1.12.11
An out-of-bounds read vulnerability exists in the DecodePsmctRle1 function of DicomImageDecoder.cpp. The PMSCT_RLE1 decompre
< 1.12.11
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server alloc
< 1.12.11
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certai
< 1.12.11
A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with Content-Encoding: gzip. The server does
< 1.12.11
An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed meta
< 1.5.8
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could re
< 1.12.2
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present
< 1.12.0
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, a