CVE-2026-5443 · CRITICAL 9.8 · EPSS percentile 42.6%

Description

A heap buffer overflow exists in the decoding of `PALETTE COLOR` DICOM images. The pixel-length validation computes the expected buffer size from the image width and height using 32-bit multiplication. If that product wraps around, the computed length is too small, the validation check incorrectly succeeds, and the decoder subsequently reads and writes beyond the allocated buffers.
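The wrap-around described above, as an added C example that is not the affected project's code: a hypothetical pixel-length check in its vulnerable 32-bit form beside an overflow-checked form. The function names, the `bytes_per_pixel` parameter and the input values are constructed for illustration and do not claim to match the actual decoder.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical pixel-buffer length check illustrating the CVE-2026-5443
 * description. Not the affected project's code; names and values are
 * constructed for this example. */

/* Vulnerable pattern: the expected length is computed in 32-bit
 * arithmetic. Unsigned multiplication wraps modulo 2^32, so a large
 * width * height * bytes_per_pixel can come out tiny, the comparison
 * against the real buffer passes, and the decoder later indexes pixels
 * far beyond the allocation. */
bool pixel_length_ok_vulnerable(uint32_t width, uint32_t height,
                                uint32_t bytes_per_pixel, size_t actual_len)
{
    uint32_t expected = width * height * bytes_per_pixel; /* may wrap */
    return actual_len >= expected;
}

/* Checked multiply: reports failure instead of wrapping. Portable C99,
 * no compiler builtins required. */
static bool mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false; /* a * b would exceed SIZE_MAX */
    *out = a * b;
    return true;
}

/* Hardened pattern: any overflow in the size computation rejects the
 * image outright, so a wrapped length can never pass validation. */
bool pixel_length_ok_hardened(uint32_t width, uint32_t height,
                              uint32_t bytes_per_pixel, size_t actual_len)
{
    size_t expected;
    if (!mul_checked(width, height, &expected))
        return false;
    if (!mul_checked(expected, bytes_per_pixel, &expected))
        return false;
    return actual_len >= expected;
}

int main(void)
{
    /* Constructed header values: 32768 * 32768 * 4 == 2^32, which wraps
     * to 0 in uint32_t. A 16-byte pixel buffer then "satisfies" the
     * vulnerable check. */
    uint32_t w = 32768, h = 32768, bpp = 4;
    size_t tiny_buffer = 16;

    printf("vulnerable check passes: %s\n",
           pixel_length_ok_vulnerable(w, h, bpp, tiny_buffer) ? "yes" : "no");
    printf("hardened check passes:   %s\n",
           pixel_length_ok_hardened(w, h, bpp, tiny_buffer) ? "yes" : "no");

    /* A well-formed 512x512 image with 3 bytes per pixel passes both. */
    printf("valid image passes hardened check: %s\n",
           pixel_length_ok_hardened(512, 512, 3, 512u * 512u * 3u) ? "yes" : "no");
    return 0;
}
```

Widening `width * height` to a 64-bit intermediate would be enough for two 32-bit factors, but not once further factors (bytes per pixel, frames) enter the product, so an explicit checked multiply at every step is the robust form of the fix.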

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.57% probability of exploitation · percentile 42.6% · 2026-06-19T12:03:05Z
Published: 2026-04-09
Last modified: 2026-04-14

Underlying weaknesses · 1

CWE-787

References

  1. https://kb.cert.org/vuls/id/536588
  2. https://www.machinespirits.de/
  3. https://www.orthanc-server.com/

Type: Weakness
Target: Out-of-bounds Write (cwe-787)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-5442
  2. CVE-2026-5445
  3. CVE-2025-48429
  4. CVE-2025-53618
  5. CVE-2026-46599
  6. CVE-2025-35975

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.