
6 matches found

ATTACKERKB
added 2026/04/09 2:44 p.m., 1 views

CVE-2026-5439

A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value,...

AI score: 5.9, EPSS: 0.00426
Exploits: 0, References: 4

Debian CVE
added 2026/04/09 2:44 p.m., 3 views

CVE-2026-5438

A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

CVSS: 7.5, AI score: 5.3, EPSS: 0.00484
Exploits: 0

CNNVD
added 2026/04/09 12:0 a.m., 8 views

Orthanc security vulnerability

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the DicomStreamReader’s tendency to read beyond the allocated boundaries of the metadata buffer during the parsing of DICOM meta-headers. This could lead to the parser...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00641
Exploits: 0, References: 4

OSV
added 2024/01/24 4:15 p.m., 4 views

CVE-2024-22725

Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting...

CVSS: 6.1, AI score: 5.6
Exploits: 0, References: 2

OSV
added 2024/01/24 4:15 p.m., 1 views

UBUNTU-CVE-2024-22725

Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting...

CVSS: 6.1, AI score: 5.7, EPSS: 0.00355
Exploits: 0, References: 4

OSV
added 2023/06/29 3:15 p.m., 4 views

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS: 8.8, AI score: 8.8
Exploits: 0, References: 3