Orthanc DICOM Vulnerabilities - Crashes and RCE Risks

Significant risk — action recommended within 24-48 hours
Basically, flaws in the Orthanc server can let hackers crash it or run harmful code.
Nine vulnerabilities in the Orthanc DICOM server could allow hackers to crash systems or execute harmful code. Users must update to the latest version to stay secure.
What Happened
Nine vulnerabilities have been discovered in the open-source Digital Imaging and Communications in Medicine (DICOM) server, Orthanc. These flaws allow attackers to crash servers, leak sensitive data, and even execute arbitrary code remotely. The vulnerabilities are tracked from CVE-2026-5437 to CVE-2026-5445 and stem from issues like insufficient validation of metadata and unsafe arithmetic operations.
The Flaw
The first vulnerability is an out-of-bounds read issue affecting the meta-header parser. This occurs due to inadequate input validation in the parsing logic. Another critical flaw involves a GZIP decompression bomb, where the server allocates memory based on attacker-controlled metadata without any limits, potentially exhausting system memory.
A similar memory exhaustion vulnerability was identified in ZIP archive processing. Here, the server trusts the metadata describing the uncompressed size of archived files, allowing attackers to manipulate size values and cause excessive memory allocation during extraction.
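The GZIP and ZIP flaws described above share one root cause: the server sizes an allocation from a number the input itself supplies. The defensive pattern is to decompress in fixed-size chunks under a hard output ceiling, so memory tracks bytes actually produced rather than bytes claimed. The following is an added illustration of that pattern in Python; it is not Orthanc's code and does not show how Orthanc 1.12.11 fixed the issue. The 1 MiB ceiling and the sample inputs are constructed for this example.

```python
import gzip
import io
import zipfile

# Assumed ceiling for this example; the advisory does not state what limit Orthanc uses.
MAX_OUTPUT_BYTES = 1 * 1024 * 1024  # 1 MiB


class DecompressionLimitExceeded(Exception):
    """Raised when decompressed output would exceed the configured ceiling."""


def read_bounded(stream, limit=MAX_OUTPUT_BYTES, chunk_size=64 * 1024):
    """Drain a decompressing stream in fixed-size chunks.

    Memory use tracks bytes actually produced, never a size the input claims,
    and the read aborts the moment the output would cross `limit`.
    """
    out = bytearray()
    while True:
        piece = stream.read(chunk_size)
        if not piece:
            return bytes(out)
        if len(out) + len(piece) > limit:
            raise DecompressionLimitExceeded(
                f"output exceeds {limit} bytes after {len(out)} bytes")
        out += piece


def gunzip_bounded(data, limit=MAX_OUTPUT_BYTES):
    """Decompress a GZIP blob without trusting any size the header or trailer claims."""
    return read_bounded(gzip.GzipFile(fileobj=io.BytesIO(data)), limit)


def declared_uncompressed_size(zip_bytes):
    """Total size the ZIP central directory *claims* its members expand to."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return sum(info.file_size for info in zf.infolist())


def unzip_bounded(zip_bytes, limit=MAX_OUTPUT_BYTES):
    """Extract every member under one shared output ceiling.

    The declared file_size is used only to reject early; the streaming cap in
    read_bounded stays authoritative because the declared value can be forged.
    """
    extracted = {}
    remaining = limit
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.file_size > remaining:
                raise DecompressionLimitExceeded(
                    f"{info.filename} declares {info.file_size} bytes, {remaining} allowed")
            with zf.open(info) as member:
                content = read_bounded(member, remaining)
            extracted[info.filename] = content
            remaining -= len(content)
    return extracted


# Constructed sample inputs for this example (not real Orthanc traffic).
def _gz(data):
    return gzip.compress(data)


def _zip(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


SMALL_PLAINTEXT = b"study index line\n" * 64
OVERSIZED_PLAINTEXT = b"\0" * (4 * 1024 * 1024)  # 4 MiB of zeros, a few KiB once deflated
SMALL_GZ = _gz(SMALL_PLAINTEXT)
OVERSIZED_GZ = _gz(OVERSIZED_PLAINTEXT)
SMALL_ZIP = _zip("index.txt", SMALL_PLAINTEXT)
OVERSIZED_ZIP = _zip("index.txt", OVERSIZED_PLAINTEXT)


if __name__ == "__main__":
    print("small gzip ok:", gunzip_bounded(SMALL_GZ) == SMALL_PLAINTEXT)
    print("oversized zip declares", declared_uncompressed_size(OVERSIZED_ZIP),
          "bytes from", len(OVERSIZED_ZIP), "compressed bytes")
    for label, fn, arg in (("gzip", gunzip_bounded, OVERSIZED_GZ),
                           ("zip", unzip_bounded, OVERSIZED_ZIP)):
        try:
            fn(arg)
            print(label, "unexpectedly accepted")
        except DecompressionLimitExceeded as exc:
            print(label, "rejected:", exc)
```

The same discipline applies to the HTTP case the advisory mentions: a request body should be read up to a server-side maximum, and the declared length used only to reject requests that exceed it, never to size a buffer up front.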
What's at Risk
The HTTP server also suffers from vulnerabilities that allow memory allocation based on user-supplied header values. Attackers can craft HTTP requests with extremely large length values, which can terminate the server. Additionally, an out-of-bounds read vulnerability in the proprietary Philips Compression format can leak heap data into rendered images, posing further risks.
The most severe vulnerabilities are heap-based buffer overflows in the image parsing and decoding logic. These can crash the Orthanc process and may allow for remote code execution (RCE) under certain conditions.
Patch Status
Orthanc versions 1.12.10 and earlier are affected by these vulnerabilities. Users are strongly advised to update to version 1.12.11, which addresses all identified flaws. Researchers from Machine Spirits discovered these vulnerabilities and have published advisories detailing their findings.
Immediate Actions
To protect against these vulnerabilities, users should:
- Update to Orthanc version 1.12.11 immediately.
- Monitor for any unusual server behavior that may indicate exploitation attempts.
- Review server configurations to ensure proper input validation and memory management practices are in place.
🔍 How to Check If You're Affected
1. Check the current version of Orthanc running on your server.
2. Review server logs for any signs of abnormal behavior or crashes.
3. Ensure that the latest security updates have been applied.
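For the first step, Orthanc reports its version in the JSON returned by its REST endpoint GET /system (field "Version"). The script below is an added example, not part of the advisory or of the Orthanc project, that parses that response and flags anything below 1.12.11 as affected; it assumes the server is reachable at a URL such as http://orthanc.example:8042 with optional HTTP basic credentials, and the sample response embedded in it is constructed.

```python
import base64
import json
import re
import urllib.request

FIXED_VERSION = (1, 12, 11)  # first release the advisory names as fixed
FIXED_VERSION_STRING = "1.12.11"


def parse_version(text):
    """Turn '1.12.10' into (1, 12, 10); raise ValueError for dev builds like 'mainline'."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Orthanc version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True for 1.12.10 and earlier, False from 1.12.11 on."""
    return parse_version(version) < FIXED_VERSION


def check_system_json(body):
    """Evaluate the JSON body returned by Orthanc's GET /system endpoint.

    Returns the reported version and whether it is affected; 'affected' is None
    when the version cannot be parsed (e.g. a mainline build), which should be
    verified by hand rather than assumed safe.
    """
    doc = json.loads(body)
    version = doc.get("Version")
    if version is None:
        return {"version": None, "affected": None, "fixed_in": FIXED_VERSION_STRING}
    try:
        affected = is_affected(version)
    except ValueError:
        affected = None
    return {"version": version, "affected": affected, "fixed_in": FIXED_VERSION_STRING}


def fetch_and_check(base_url, username=None, password=None, timeout=5):
    """Query a live server; base_url is assumed to look like 'http://orthanc.example:8042'."""
    request = urllib.request.Request(base_url.rstrip("/") + "/system")
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        request.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return check_system_json(response.read().decode("utf-8"))


# Constructed sample response; field values are illustrative, not from a real server.
SAMPLE_SYSTEM_RESPONSE = json.dumps({"Name": "EXAMPLE-ORTHANC", "Version": "1.12.10"})


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        result = fetch_and_check(sys.argv[1])
    else:
        result = check_system_json(SAMPLE_SYSTEM_RESPONSE)
    state = {True: "AFFECTED - upgrade", False: "patched",
             None: "unknown - verify build"}[result["affected"]]
    print(f"Orthanc {result['version']}: {state} (fixed in {result['fixed_in']})")
```

Run it with the server's base URL as the only argument to check a live instance, or with no arguments to see the decision logic applied to the constructed sample. A version string the regex cannot parse is reported as unknown rather than patched, so unusual builds get a manual look instead of a false pass.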
🔒 Pro insight: The vulnerabilities in Orthanc highlight critical flaws in memory management, necessitating immediate patching to prevent potential RCE exploits.