VU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM Server
Orthanc DICOM Server versions 1.12.10 and earlier have several vulnerabilities impacting image decoding and HTTP request handling. These flaws include heap buffer overflows, out-of-bounds reads, and memory exhaustion problems, exploitable through crafted inputs. Attackers can leverage these vulnerabilities to crash the server, leak sensitive data, or potentially achieve remote code execution. The vulnerabilities stem from unsafe arithmetic operations, the lack of crucial bounds checks, and insufficient validation of metadata. These issues exist within the processing of both DICOM files and HTTP requests. Identified vulnerabilities involve parsing meta-headers, handling gzip compression, and processing ZIP archives which could lead to resource exhaustion. Out-of-bounds reads are present in image decoding functions used for the proprietary Philips compression format and palette color images. Heap buffer overflows occur in the image decoder, as well as the PAM image parsing logic. Orthanc has released version 1.12.11 to fix the vulnerabilities. Users should upgrade immediately and limit exposure of upload/processing features. These vulnerabilities were discovered by Dr. Simon Weber and Volker Schönefeld of Machine Spirits UG.