CVE-2026-5439
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...
CVE-2026-5438
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP requests with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...
Orthanc security vulnerability
Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the DicomStreamReader’s tendency to read beyond the allocated boundaries of the metadata buffer during the parsing of DICOM meta-headers. This could lead to the parser...
CVE-2024-22725
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting...
UBUNTU-CVE-2024-22725
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting...
CVE-2023-33466
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...