Heap overflow found in Orthanc via Pydicom and GDCM
Researchers showed that specially crafted DICOM files, parsed by Pydicom and GDCM, cause a heap overflow in Orthanc, producing an out-of-bounds write during image upload.
Security researchers demonstrated a heap overflow in an Orthanc server by creating DICOM files that, when parsed through Pydicom and GDCM, produced an out-of-bounds write during image upload. The demonstration is laid out in a white paper published May 28, 2026 that presents a step-by-step case study.
The researchers constructed malformed DICOM fields that altered parsing behavior in the Pydicom layer and the underlying GDCM decoder. As Orthanc ingested the uploaded file, the parsing chain produced an out-of-bounds write into heap memory. The paper reproduces the condition during the upload process and records the observed memory corruption.
A heap overflow occurs when a program writes more data into a heap-allocated buffer than it can hold, which can overwrite adjacent memory. In the reproduced case the out-of-bounds write was sufficient to crash the service or corrupt internal state; the authors do not claim a full exploit chain beyond the write itself.
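To make the defect class concrete, the following added example (not code from the white paper, Orthanc, GDCM or Pydicom) reads one DICOM explicit-VR little-endian data element and rejects any element whose declared value length exceeds the bytes actually supplied, the check whose absence lets a crafted length field drive a copy past the end of a heap buffer. The element layout follows the DICOM standard; the sample bytes are constructed here and do not reproduce the paper's malformed fields.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical bounds-checked reader for one DICOM explicit-VR little-endian
 * data element (added example, not Orthanc/GDCM/Pydicom code). Short form:
 * tag(4) VR(2) len16 value; long form (OB/OW/OF/SQ/UT/UN): tag(4) VR(2)
 * reserved(2) len32 value. Returns bytes consumed, or 0 when the declared
 * length does not fit in the bytes supplied. */
typedef struct {
    uint16_t group, element;
    char vr[3];
    uint32_t length;
    const uint8_t *value;
} dicom_elem;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static int long_form_vr(const uint8_t *v) {          /* VRs that carry a 32-bit length */
    const char *l = "OBOWOFSQUTUN";
    for (int i = 0; i < 12; i += 2) if (v[0] == l[i] && v[1] == l[i + 1]) return 1;
    return 0;
}

size_t parse_element(const uint8_t *buf, size_t buflen, dicom_elem *out) {
    if (buflen < 8) return 0;                        /* short header does not fit */
    size_t hdr = long_form_vr(buf + 4) ? 12 : 8;
    if (buflen < hdr) return 0;                      /* long header does not fit */
    uint32_t len = (hdr == 12) ? rd32(buf + 8) : rd16(buf + 6);
    if (len == 0xFFFFFFFFu) return 0;                /* undefined length: not handled here */
    if ((size_t)len > buflen - hdr) return 0;        /* the check: value must lie within input */
    out->group = rd16(buf); out->element = rd16(buf + 2);
    out->vr[0] = (char)buf[4]; out->vr[1] = (char)buf[5]; out->vr[2] = '\0';
    out->length = len; out->value = buf + hdr;
    return hdr + len;
}

/* Constructed sample elements for the checks below (not from the white paper). */
size_t sample_pn_ok(void) {         /* (0010,0010) PN, length 6, value "DOE^JO" */
    static const uint8_t b[] = {0x10,0,0x10,0,'P','N',6,0,'D','O','E','^','J','O'};
    dicom_elem e; return parse_element(b, sizeof b, &e);         /* 14 */
}
size_t sample_pn_oversized(void) {  /* same bytes, but length field claims 0x1000 */
    static const uint8_t b[] = {0x10,0,0x10,0,'P','N',0,0x10,'D','O','E','^','J','O'};
    dicom_elem e; return parse_element(b, sizeof b, &e);         /* 0: rejected */
}
size_t sample_ob_ok(void) {         /* (7FE0,0010) OB, reserved, 32-bit length 4 */
    static const uint8_t b[] = {0xE0,0x7F,0x10,0,'O','B',0,0,4,0,0,0,1,2,3,4};
    dicom_elem e; return parse_element(b, sizeof b, &e);         /* 16 */
}
```

A real ingest path would apply the same comparison before every allocation or copy sized from a file-supplied length, and reject the file rather than truncate when the check fails.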
The paper notes that picture archiving and communication systems (PACS) commonly accept and parse incoming DICOM files automatically. Because hospitals and imaging centers use DICOM-based PACS to store and share images over networks, a crafted file can reach decoders without manual inspection and trigger decoding bugs during ingestion.
The white paper provides technical detail on the malformed file structure, the specific parsing steps in Pydicom and GDCM that lead to the overflow, and the behavior observed on the target Orthanc server during upload. The document frames the work as a proof-of-concept and documents the exact conditions under which the overflow occurs.
Over the last decade researchers have increasingly examined DICOM parsing because the format is widely used in clinical settings and has a complex structure. The paper presents a concrete example of how a DICOM parser chain can produce memory corruption during routine server operations.