pkg:Debian/orthanc

17 total CVEs: CRITICAL 3, HIGH 9, MEDIUM 1, LOW 1

All known vulnerabilities

  • [CRITICAL 9.8] CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images.
    from 0
  • [CRITICAL 9.8] CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder.
    from 0
  • [CRITICAL 9.1] CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`.
    from 0
  • [HIGH 8.8] CVE-2023-33466: orthanc - security update
    from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u1
  • [HIGH 8.8] CVE-2023-33466: orthanc - security update
    from 0, < 1.5.6+dfsg-1+deb10u1
  • [HIGH 8.8] CVE-2023-33466: orthanc - security update
    from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u1
  • [HIGH 7.5] CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header.
    from 0
  • [HIGH 7.5] CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing.
    from 0
  • [HIGH 7.5] CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with `Content-Encoding: gzip`.
    from 0
  • [HIGH 7.5] CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing.
    from 0
  • [HIGH 7.1] CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic.
    from 0
  • [HIGH 7.1] CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`.
    from 0
  • [MEDIUM 6.1] CVE-2024-22725: Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability.
    from 0
  • [LOW 3.3] CVE-2026-10528: A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11.
    from 0
  • CVE-2025-15581: orthanc - security update
    from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u2
  • CVE-2025-15581: orthanc - security update
    from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u2
  • CVE-2025-0896: Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled.
    from 0, < 1.5.8+dfsg-1