Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Orthanc DICOM Server Flaws Pose Security Risks

Orthanc DICOM Server Flaws Pose Security Risks

Posted on April 10, 2026 By CWS

Nine critical vulnerabilities have been identified in Orthanc, an open-source Digital Imaging and Communications in Medicine (DICOM) server, potentially allowing attackers to crash systems, access sensitive data, and execute code remotely.

Orthanc is widely used in healthcare for the automated analysis of medical images, operating as a standalone server without the need for complex database management or additional third-party software. However, recent findings by researchers at Machine Spirits have uncovered several security flaws.

Details of the Discovered Vulnerabilities

The vulnerabilities, which are cataloged from CVE-2026-5437 to CVE-2026-5445, stem from insufficient metadata validation, lack of necessary checks, and unsafe arithmetic operations, according to the CERT Coordination Center (CERT/CC) advisory.

Among these, the first issue involves an out-of-bounds read in the meta-header parser due to inadequate input validation. Another significant flaw is a GZIP decompression bomb vulnerability, where unregulated decompressed data size can lead to memory exhaustion.

Security Risks and Exploitation Methods

Furthermore, a similar memory exhaustion problem exists in ZIP archive processing, where the system overly trusts metadata on file sizes. Attackers could exploit this by manipulating size values to cause excessive memory allocation.

The server’s HTTP handler also poses a risk, as it assigns memory based on user-provided header values, potentially enabling attackers to send requests with oversized length values, leading to service termination.

An additional out-of-bounds read issue affects Orthanc’s decompression routine for Philips Compression format, risking data leakage into image outputs.

Recommendations for Mitigating Risks

Three additional vulnerabilities involve heap buffer overflows impacting the image decoder and color image parsing logic. These flaws could result in unauthorized memory access and potentially enable remote code execution (RCE), as emphasized by the CERT/CC advisory.

Orthanc versions up to 1.12.10 are impacted by these vulnerabilities. Users are strongly advised to upgrade to version 1.12.11, which patches these security issues.

The researchers at Machine Spirits have documented their findings in detailed advisories, urging users to take immediate action to secure their systems.

For more information on related vulnerabilities, refer to advisories on issues like the Marimo flaw and the OpenSSL data leakage vulnerability.

Security Week News Tags:CERT/CC, CVE, DICOM, Healthcare, Machine Spirits, Orthanc, RCE, Security, Software, Updates, Vulnerabilities

Post navigation

Previous Post: Critical Marimo RCE Vulnerability Exploited Rapidly
Next Post: Critical TP-Link Router Flaws Threaten Network Security

Related Posts

DraftKings Hacker Receives Prison Sentence for Cyber Attack DraftKings Hacker Receives Prison Sentence for Cyber Attack Security Week News
Organizations Warned of Exploited Zimbra Collaboration Vulnerability Organizations Warned of Exploited Zimbra Collaboration Vulnerability Security Week News
Vercel Confirms Intrusion After Hacker’s Data Sale Offer Vercel Confirms Intrusion After Hacker’s Data Sale Offer Security Week News
Why Identity Security Must Move Beyond MFA Why Identity Security Must Move Beyond MFA Security Week News
Sean Cairncross Confirmed by Senate as National Cyber Director Sean Cairncross Confirmed by Senate as National Cyber Director Security Week News
Data Integrity Crisis: Trusting Information in AI Era Data Integrity Crisis: Trusting Information in AI Era Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance
  • Microsoft’s AI Strategy Enhances Vulnerability Detection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance
  • Microsoft’s AI Strategy Enhances Vulnerability Detection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark