Malformed DICOM files cause heap overflow in Orthanc
A white paper published May 28, 2026, shows malformed DICOM files can trigger a heap overflow in the Orthanc server during image upload by exploiting Pydicom and GDCM parsing.
Researchers published a white paper on May 28, 2026, demonstrating that malformed DICOM files can trigger a heap overflow in the Orthanc image server during file upload. The report attributes the condition to how Pydicom and GDCM parse certain DICOM fields when the server accepts uploaded images.
The researchers created a crafted DICOM file that manipulates specific format elements. When Orthanc accepted the file and invoked higher-level Pydicom routines, which in turn used the GDCM decoder, the combined parsing logic produced an out-of-bounds write that manifested as a heap overflow inside the server process.
The paper describes the file fields and parser interactions that lead to the memory corruption. It shows a reproducible sequence in which decoder behavior does not correctly bound memory operations, causing writes beyond an allocated buffer. The report includes technical details of the decoding path and the conditions required to provoke the out-of-bounds write.
Orthanc is an open-source DICOM server used for storing and retrieving medical images. Pydicom is a Python library for reading and writing DICOM files, and GDCM is a C++ toolkit commonly used for decoding DICOM data. The authors point to the interaction between higher-level Python parsing and lower-level native decoding as the location where native memory-management issues can arise when inputs are malformed.
The paper notes that many picture archiving and communication systems (PACS) automatically ingest files received over the network. Because uploads can come from remote scanners, workstations or external partners, a crafted file could reach a decoder without manual inspection and trigger the vulnerable parsing path.
The authors recommend reviewing parser code paths, improving input validation before decoding, and reducing unnecessary network exposure of imaging servers. The white paper is presented as a technical case study documenting a reproducible exploitation method; it does not include a patch timeline or vulnerability advisory.
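The report's recommendation to validate input before decoding can be made concrete with a structural pre-check that runs before any native decoder touches the file. The following is an added example and is not code from the white paper, from Orthanc, Pydicom or GDCM. It parses only the DICOM Part 10 preamble and the group 0002 File Meta Information header, and rejects files whose declared element lengths overrun the buffer, use undefined length, exceed a size cap, or whose group length does not match the bytes actually present. The transfer-syntax allow-list, the 1024-byte element cap, and the sample UIDs in the builder (apart from the standard CT Image Storage and transfer-syntax UIDs) are assumptions and constructed values chosen for this example.

```python
import struct

PREAMBLE_LEN = 128
MAGIC = b"DICM"
# VRs that use the explicit-VR long form: 2 reserved bytes + uint32 length
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}
# Assumed allow-list: only syntaxes this deployment's decoder is trusted to handle
ALLOWED_TRANSFER_SYNTAXES = {
    "1.2.840.10008.1.2",    # Implicit VR Little Endian
    "1.2.840.10008.1.2.1",  # Explicit VR Little Endian
}
MAX_META_ELEMENT_LEN = 1024  # assumed cap; meta elements are small in practice


def precheck_dicom(data: bytes) -> dict:
    """Check Part 10 structural invariants before handing the bytes to a decoder."""
    if len(data) < PREAMBLE_LEN + 4:
        return {"ok": False, "reason": "too short for preamble"}
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        return {"ok": False, "reason": "missing DICM magic"}
    pos = PREAMBLE_LEN + 4
    transfer_syntax, declared_group_len, group_start = None, None, None
    while pos < len(data):
        if pos + 8 > len(data):
            return {"ok": False, "reason": f"truncated element header at offset {pos}"}
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # first non-meta element: the main dataset begins here
        vr = data[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            return {"ok": False, "reason": f"invalid VR {vr!r} at offset {pos}"}
        if vr in LONG_LENGTH_VRS:
            if pos + 12 > len(data):
                return {"ok": False, "reason": f"truncated long header at offset {pos}"}
            (length,) = struct.unpack_from("<I", data, pos + 8)
            header_len = 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            header_len = 8
        tag = f"({group:04X},{elem:04X})"
        if length == 0xFFFFFFFF:
            return {"ok": False, "reason": f"{tag} uses undefined length in meta header"}
        value_start = pos + header_len
        remaining = len(data) - value_start
        if length > remaining:  # the declared length must be bounded by the buffer
            return {"ok": False, "reason": f"{tag} declares {length} bytes but only {remaining} remain"}
        if length > MAX_META_ELEMENT_LEN or length % 2:
            return {"ok": False, "reason": f"{tag} has implausible length {length}"}
        value = data[value_start:value_start + length]
        if elem == 0x0000:  # File Meta Information Group Length
            if vr != b"UL" or length != 4:
                return {"ok": False, "reason": "malformed group length element"}
            (declared_group_len,) = struct.unpack_from("<I", value, 0)
            group_start = value_start + length
        elif elem == 0x0010:  # Transfer Syntax UID, NUL/space padded
            transfer_syntax = value.rstrip(b"\x00 ").decode("ascii", errors="replace")
        pos = value_start + length
    if transfer_syntax is None:
        return {"ok": False, "reason": "no transfer syntax in meta header"}
    if declared_group_len is not None and pos - group_start != declared_group_len:
        return {"ok": False, "reason": "group length does not match bytes present"}
    if transfer_syntax not in ALLOWED_TRANSFER_SYNTAXES:
        return {"ok": False, "reason": f"transfer syntax {transfer_syntax} not in allow-list"}
    return {"ok": True, "reason": "meta header consistent",
            "transfer_syntax": transfer_syntax, "dataset_offset": pos}


# --- constructed sample files for demonstration ---------------------------------
def _element(group, elem, vr, value):
    head = struct.pack("<HH", group, elem) + vr
    if vr in LONG_LENGTH_VRS:
        return head + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return head + struct.pack("<H", len(value)) + value


def _uid(s):  # UIDs are padded with a NUL to even length
    b = s.encode("ascii")
    return b + b"\x00" if len(b) % 2 else b


def build_valid_sample(transfer_syntax="1.2.840.10008.1.2.1"):
    """Well-formed Part 10 header followed by one dataset element (constructed data)."""
    body = (_element(0x0002, 0x0001, b"OB", b"\x00\x01")
            + _element(0x0002, 0x0002, b"UI", _uid("1.2.840.10008.5.1.4.1.1.2"))  # CT Image Storage
            + _element(0x0002, 0x0003, b"UI", _uid("1.2.3.4.5"))  # constructed instance UID
            + _element(0x0002, 0x0010, b"UI", _uid(transfer_syntax)))
    meta = _element(0x0002, 0x0000, b"UL", struct.pack("<I", len(body))) + body
    dataset = _element(0x0008, 0x0016, b"UI", _uid("1.2.840.10008.5.1.4.1.1.2"))
    return b"\x00" * PREAMBLE_LEN + MAGIC + meta + dataset


def build_oversized_length_sample():
    """Same file, but the OB element claims 256 MiB while carrying 2 bytes (constructed)."""
    good = build_valid_sample()
    ob_start = PREAMBLE_LEN + 4 + 12  # right after the 12-byte group length element
    lying_header = good[ob_start:ob_start + 8] + struct.pack("<I", 0x10000000)
    return good[:ob_start] + lying_header + good[ob_start + 12:]


if __name__ == "__main__":
    for name, blob in [("valid", build_valid_sample()),
                       ("oversized", build_oversized_length_sample()),
                       ("jpeg", build_valid_sample("1.2.840.10008.1.2.4.50"))]:
        print(name, precheck_dicom(blob))
```

The gate deliberately knows nothing about pixel data or the transfer-syntax-specific decoders where the paper locates the overflow; its job is to stop obviously inconsistent files at ingest and to keep unsupported encodings away from the native code path, while the decoder fix itself remains the primary control.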