CVE-2026-5441

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 09, 2026

Vendor unknown

Description

An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.

References

https://kb.cert.org/vuls/id/536588
https://www.machinespirits.de/
https://www.orthanc-server.com/