orthanc - Debian Package Tracker

general

source: orthanc (main)
version: 1.12.11+dfsg-7
maintainer: Debian Med Packaging Team (archive) (DMD) (LowNMU)
uploaders: Andreas Tille [DMD] – Sebastien Jodogne [DMD] [DM]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.9.2+really1.9.1+dfsg-1+deb11u1
o-o-sec: 1.9.2+really1.9.1+dfsg-1+deb11u2
oldstable: 1.10.1+dfsg-2+deb12u1
old-sec: 1.10.1+dfsg-2+deb12u1
stable: 1.12.7+dfsg-4
testing: 1.12.11+dfsg-6
unstable: 1.12.11+dfsg-7

versioned links

1.9.2+really1.9.1+dfsg-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.2+really1.9.1+dfsg-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.1+dfsg-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.7+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.11+dfsg-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.11+dfsg-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liborthancframework-dev
liborthancframework1
liborthancframework1.12.11
orthanc (1 bugs: 0, 0, 1, 0)
orthanc-dev
orthanc-doc

action needed

10 security issues in bullseye high

There are 10 open security issues in bullseye.

9 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

1 issue postponed or untriaged:

CVE-2024-22725: (needs triaging) Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.

Created: 2026-04-09 Last update: 2026-05-04 23:31

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2026-05-10 Last update: 2026-05-16 16:33

Multiarch hinter reports 2 issue(s) low

There are issues with the multiarch metadata for this package.

orthanc-doc could be marked Multi-Arch: foreign
orthanc-dev could be converted to Architecture: all and marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2026-05-16 14:00

10 low-priority security issues in trixie low

There are 10 open security issues in trixie.

10 issues left for the package maintainer to handle:

CVE-2026-5437: (needs triaging) An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: (needs triaging) A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: (needs triaging) A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: (needs triaging) A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: (needs triaging) An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: (needs triaging) A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: (needs triaging) A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: (needs triaging) A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: (needs triaging) An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVE-2025-15581: (needs triaging) Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-02-19 Last update: 2026-05-04 23:31

11 low-priority security issues in bookworm low

There are 11 open security issues in bookworm.

11 issues left for the package maintainer to handle:

CVE-2026-5437: (needs triaging) An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: (needs triaging) A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: (needs triaging) A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: (needs triaging) A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: (needs triaging) An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: (needs triaging) A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: (needs triaging) A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: (needs triaging) A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: (needs triaging) An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVE-2024-22725: (needs triaging) Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.
CVE-2025-15581: (needs triaging) Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-01-24 Last update: 2026-05-04 23:31

testing migrations

This package will soon be part of the auto-protobuf transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for orthanc (1.12.11+dfsg-6 to 1.12.11+dfsg-7): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for orthanc/1.12.11+dfsg-7: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for orthanc-webviewer/2.10+dfsg-3: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for orthanc-wsi/3.3+dfsg-6: amd64: Pass, arm64: Pass, i386: Pass, loong64: Test triggered, ppc64el: Pass, riscv64: Pass, s390x: Pass
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/o/orthanc.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 11 days old (needed 5 days)
- Not considered

news

[rss feed]

[2026-05-04] Accepted orthanc 1.12.11+dfsg-7 (source) into unstable (Sebastien Jodogne)
[2026-05-02] orthanc 1.12.11+dfsg-6 MIGRATED to testing (Debian testing watch)
[2026-04-28] Accepted orthanc 1.12.11+dfsg-6 (source) into unstable (Sebastien Jodogne)
[2026-04-27] orthanc 1.12.11+dfsg-4 MIGRATED to testing (Debian testing watch)
[2026-04-27] Accepted orthanc 1.12.11+dfsg-5 (source amd64 all) into unstable (Debian FTP Masters) (signed by: Andreas Tille)
[2026-04-24] Accepted orthanc 1.12.11+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2026-04-17] Accepted orthanc 1.12.11+dfsg-3 (source) into unstable (Sebastien Jodogne)
[2026-04-14] Accepted orthanc 1.12.11+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2026-04-14] Accepted orthanc 1.12.11+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2026-04-13] Accepted orthanc 1.12.10+dfsg-5 (source) into unstable (Sebastien Jodogne)
[2026-04-11] Accepted orthanc 1.12.10+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2026-04-11] Accepted orthanc 1.12.10+dfsg-3 (source) into unstable (Étienne Mollier)
[2026-03-19] orthanc 1.12.10+dfsg-2 MIGRATED to testing (Debian testing watch)
[2026-03-16] Accepted orthanc 1.12.10+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2026-02-28] Accepted orthanc 1.9.2+really1.9.1+dfsg-1+deb11u2 (source) into oldoldstable-security (Paride Legovini)
[2025-11-29] orthanc 1.12.10+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-11-26] Accepted orthanc 1.12.10+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-09-23] orthanc 1.12.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-09-21] Accepted orthanc 1.12.9+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2025-08-19] Accepted orthanc 1.12.9+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-05-06] orthanc 1.12.7+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-04-23] Accepted orthanc 1.12.7+dfsg-4 (source) into unstable (Étienne Mollier)
[2025-04-22] Accepted orthanc 1.12.7+dfsg-3 (source) into unstable (Sebastien Jodogne)
[2025-04-22] Accepted orthanc 1.12.7+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2025-04-07] Accepted orthanc 1.12.7+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-02-26] orthanc 1.12.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-02-24] Accepted orthanc 1.12.6+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-02-18] orthanc 1.12.5+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-02-15] Accepted orthanc 1.12.5+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2024-12-22] orthanc 1.12.5+dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.12.10+dfsg-2
2 bugs