Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Orthanc — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting Orthanc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Orthanc serves as a lightweight DICOM server for medical imaging, enabling storage and retrieval of radiology data. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to insufficient input validation and access controls. The software's exposure to the internet has led to several high-severity incidents, including unauthorized access to sensitive patient data and system compromises. Despite its utility in healthcare environments, the project's security track record shows consistent vulnerabilities, with 11 CVEs documenting issues ranging from authentication bypass to information disclosure. Proper hardening and network segmentation remain critical for secure deployment.

Top products by Orthanc: DICOM Server Osimis DICOM Web Viewer Orthanc server
CVE IDTitleCVSSSeverityPublished
CVE-2026-5439 Memory Exhaustion via Forged ZIP Metadata — DICOM Server 7.5AIHighAI2026-04-09
CVE-2026-5437 Out-of-Bounds Read in DicomStreamReader — DICOM Server 9.1AICriticalAI2026-04-09
CVE-2026-5438 Gzip Decompression Bomb via Content-Encoding Header — DICOM Server 7.5AIHighAI2026-04-09
CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length — DICOM Server 7.5AIHighAI2026-04-09
CVE-2026-5442 Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions — DICOM Server 9.1AICriticalAI2026-04-09
CVE-2026-5443 Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode) — DICOM Server 8.4AIHighAI2026-04-09
CVE-2026-5445 Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable) — DICOM Server 5.5AIMediumAI2026-04-09
CVE-2026-5444 Heap Buffer Overflow in PAM Image Buffer Allocation — DICOM Server 7.8AIHighAI2026-04-09
CVE-2026-5441 Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 Decompression) — DICOM Server 8.1AIHighAI2026-04-09
CVE-2025-0896 Orthanc Server Missing Authentication for Critical Function — Orthanc serverCWE-306 9.8 Critical2025-02-13
CVE-2023-7238 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Orthanc Osimis DICOM Web Viewer — Osimis DICOM Web ViewerCWE-79 7.1 High2024-01-23

This page lists every published CVE security advisory associated with Orthanc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.