Malformed DICOM Can Cause Heap Overflow in Orthanc

A May 28, 2026 white paper shows malformed DICOM files can trigger a heap overflow in Orthanc servers during image uploads, producing an out-of-bounds write in the DICOM decoder.

A white paper published May 28, 2026 documents how malformed DICOM files can trigger a heap overflow in Orthanc servers during image uploads. The authors reproduced an out-of-bounds write inside Orthanc’s DICOM decoder while processing crafted input.

The report notes that DICOM parsing has been a focus of research because the DICOM standard is complex and hospitals use picture archiving and communication systems (PACS) that often ingest files automatically over networks. The researchers built a case study that supplies specific malformed DICOM data to an Orthanc instance and observed a decoder routine writing beyond its allocated buffer.

The vulnerability appears during the image upload workflow. Specially crafted DICOM attributes or structures reach decoder code paths that do not properly validate sizes or boundaries. The paper describes the file-format manipulations that lead to data being written outside the intended memory region and reproduces the condition on a running Orthanc server.
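The paper's actual file manipulations are not reproduced here. As an added, defensive illustration of the kind of boundary check the report calls for (this is example code, not Orthanc's or the authors' code, and the sample bytes are constructed), the function below parses one explicit-VR little-endian DICOM data element header and refuses any element whose declared value length exceeds the bytes actually present, before anything is copied into a buffer:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical parsed element header, for illustration only. */
typedef struct {
    uint16_t group, element;
    char vr[3];
    uint32_t length;      /* declared value length from the file */
    size_t value_offset;  /* where the value field starts in the input */
} dicom_elem_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VRs that use the 2-byte reserved field followed by a 4-byte length. */
static bool long_length_vr(const char *vr) {
    static const char *vrs[] = {"OB", "OW", "OF", "SQ", "UT", "UN"};
    for (size_t i = 0; i < sizeof vrs / sizeof vrs[0]; i++)
        if (memcmp(vr, vrs[i], 2) == 0) return true;
    return false;
}

/* Parse the element at `off`. Returns 0 on success, -1 if the header is truncated
 * or the declared length does not fit in the remaining input. A decoder that copies
 * `length` bytes without this check writes past the end of whatever it allocated. */
int dicom_parse_element(const uint8_t *buf, size_t len, size_t off, dicom_elem_t *out) {
    if (len < off || len - off < 6) return -1;           /* tag (4) + VR (2) */
    const uint8_t *p = buf + off;
    out->group = rd16(p); out->element = rd16(p + 2);
    memcpy(out->vr, p + 4, 2); out->vr[2] = '\0';
    size_t hdr;
    if (long_length_vr(out->vr)) {
        if (len - off < 12) return -1;
        out->length = rd32(p + 8);                        /* skip 2 reserved bytes */
        hdr = 12;
    } else {
        if (len - off < 8) return -1;
        out->length = rd16(p + 6);
        hdr = 8;
    }
    if (out->length == 0xFFFFFFFFu) return -1;            /* undefined length: not handled */
    if (out->length > len - off - hdr) return -1;         /* the core bounds check */
    out->value_offset = off + hdr;
    return 0;
}

/* Constructed samples: (0010,0010) PN with 4 bytes "DOE^", and (7FE0,0010) OB
 * declaring 4096 bytes while only 2 are present. */
static const uint8_t SAMPLE_OK[]  = {0x10,0x00,0x10,0x00,'P','N',0x04,0x00,'D','O','E','^'};
static const uint8_t SAMPLE_BAD[] = {0xE0,0x7F,0x10,0x00,'O','B',0,0,0x00,0x10,0x00,0x00,0xAA,0xBB};

/* Return the accepted value length of a sample, or -1 if the parser rejects it. */
long sample_ok_length(void)  { dicom_elem_t e; return dicom_parse_element(SAMPLE_OK,  sizeof SAMPLE_OK,  0, &e) == 0 ? (long)e.length : -1; }
long sample_bad_length(void) { dicom_elem_t e; return dicom_parse_element(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, &e) == 0 ? (long)e.length : -1; }
```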

Technical traces included in the document show the out-of-bounds write and resulting heap corruption at runtime. The authors state that out-of-bounds writes and heap overflows cause memory corruption that can lead to application crashes or unstable behavior. The paper also notes that, in many cases, such corruption can be used to execute code or escalate attacks, but its scope is limited to demonstrating the write condition rather than delivering a full exploit chain.

The report is presented as a technical case study rather than an operational advisory. It documents steps to reproduce the heap overflow and explains the conditions under which the decoder writes beyond allocated bounds. The authors place the finding in the wider context of ongoing research into DICOM parser robustness and automated image ingestion.

The paper highlights that automated ingestion of medical images can allow malformed or intentionally crafted files to reach server decoders without manual inspection, and it recommends attention to input validation and parser hardening as part of broader efforts to address parsing weaknesses in medical imaging infrastructure.
