Heap Overflow Flaw Found in Orthanc DICOM Upload
Researchers found a DICOM parsing flaw that can create a heap overflow in Orthanc when malformed images are uploaded, producing an out-of-bounds write during decoding.
Security researchers published a white paper on May 28, 2026, describing a DICOM parsing flaw that can trigger a heap overflow in Orthanc while an image is being uploaded.
The paper demonstrates a crafted DICOM file that causes an out-of-bounds write during decoding, overwriting memory outside the intended buffer. The condition arises during the normal image upload flow to an Orthanc server rather than through a separate service or protocol.
DICOM is the standard hospitals use to store and share medical images, and PACS servers often accept files automatically over a network. Those automated uploads can deliver malformed files directly to decoders, which must handle nested structures and multiple encoding options.
A heap overflow is a form of memory corruption that occurs when data is written past the allocated area on the heap. An out-of-bounds write can corrupt program state, cause crashes, or in some circumstances be used as a step in a broader exploit. The paper focuses on how the DICOM file structure and the server’s upload handling produce the overflow, not on any post-exploitation payload.
The authors note that DICOM’s many optional encodings and complex structures increase the likelihood that edge cases remain unhandled by decoders. Decoders process complex, structured input and therefore can expose attack surface when they accept untrusted files.
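The check a decoder must make before it trusts a declared length, shown as an added example (not Orthanc's code, and not taken from the white paper): a walker over explicit-VR little-endian DICOM data elements that rejects any element whose length does not fit in the remaining input. It assumes the buffer starts at the first data element and that undefined-length sequences are rejected rather than parsed; the two sample streams are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
/* Walks explicit-VR little-endian DICOM data elements and rejects any
 * element whose declared value length does not fit in the remaining
 * input. A decoder that trusts the declared length and copies into a
 * fixed heap buffer is the pattern that yields an out-of-bounds write.
 * Assumptions (added example, not Orthanc's code): the buffer starts at
 * the first data element, i.e. the 128-byte preamble and "DICM" prefix
 * are already consumed; undefined length (0xFFFFFFFF) is rejected. */
#define DICOM_UNDEFINED_LENGTH 0xFFFFFFFFu
static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
/* Returns the number of elements, or -1 if the stream is malformed. */
int dicom_count_elements(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 8) return -1;          /* tag(4) + VR(2) + short length(2) */
        const char *vr = (const char *)buf + off + 4;
        size_t hdr = 8;
        uint32_t vlen;
        if (!memcmp(vr, "OB", 2) || !memcmp(vr, "OW", 2) || !memcmp(vr, "OF", 2) ||
            !memcmp(vr, "SQ", 2) || !memcmp(vr, "UT", 2) || !memcmp(vr, "UN", 2)) {
            if (len - off < 12) return -1;     /* 2 reserved bytes + 4-byte length */
            vlen = rd32(buf + off + 8);
            hdr = 12;
            if (vlen == DICOM_UNDEFINED_LENGTH) return -1; /* not supported here */
        } else {
            vlen = rd16(buf + off + 6);
        }
        if (vlen > len - off - hdr) return -1; /* declared length must fit what remains */
        off += hdr + vlen;
        count++;
    }
    return count;
}
/* Constructed sample: (0008,0016) UI "1.2." followed by (7FE0,0010) OW, 2 bytes. */
static const uint8_t good_stream[] = {0x08,0x00,0x16,0x00,'U','I',0x04,0x00,'1','.','2','.',
    0xE0,0x7F,0x10,0x00,'O','W',0x00,0x00,0x02,0x00,0x00,0x00,0xAB,0xCD};
/* Same stream, but pixel data declares 0x10 bytes while only 2 remain. */
static const uint8_t bad_stream[] = {0x08,0x00,0x16,0x00,'U','I',0x04,0x00,'1','.','2','.',
    0xE0,0x7F,0x10,0x00,'O','W',0x00,0x00,0x10,0x00,0x00,0x00,0xAB,0xCD};
int count_good(void) { return dicom_count_elements(good_stream, sizeof good_stream); }
int count_bad(void) { return dicom_count_elements(bad_stream, sizeof bad_stream); }
int main(void) { printf("good=%d bad=%d\n", count_good(), count_bad()); return 0; }
```

A decoder that instead allocates or copies based on the declared 0x10 would read or write past the 2 bytes actually present; the check turns that into a rejected file.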
The white paper is presented as a proof of concept and does not report active exploitation campaigns. It does not state whether a patch has been released. Institutions that operate DICOM servers are advised to review vendor advisories, apply available security updates, and consider restricting automatic acceptance of untrusted DICOM files until parsing behavior is confirmed safe.
DICOM stands for Digital Imaging and Communications in Medicine. PACS, or picture archiving and communication systems, manage medical images in clinical environments. Researchers have examined DICOM parsers for years to identify robustness issues that could lead to memory corruption or other failures.