orthanc - Debian Package Tracker

general

source: orthanc (main)
version: 1.12.11+dfsg-4
maintainer: Debian Med Packaging Team (archive) (DMD) (LowNMU)
uploaders: Andreas Tille [DMD] – Sebastien Jodogne [DMD] [DM]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.9.2+really1.9.1+dfsg-1+deb11u1
o-o-sec: 1.9.2+really1.9.1+dfsg-1+deb11u2
oldstable: 1.10.1+dfsg-2+deb12u1
old-sec: 1.10.1+dfsg-2+deb12u1
stable: 1.12.7+dfsg-4
testing: 1.12.10+dfsg-2
unstable: 1.12.11+dfsg-4

versioned links

1.9.2+really1.9.1+dfsg-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.2+really1.9.1+dfsg-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.1+dfsg-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.7+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.10+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.11+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liborthancframework-dev (1 bugs: 0, 1, 0, 0)
liborthancframework1
orthanc (1 bugs: 0, 0, 1, 0)
orthanc-dev
orthanc-doc

action needed

Marked for autoremoval on 25 May: #1133270 high

Version 1.12.10+dfsg-2 of orthanc is marked for autoremoval from testing on Mon 25 May 2026. It is affected by #1133270. The removal of orthanc will also cause the removal of (transitive) reverse dependencies: orthanc-dicomweb, orthanc-gdcm, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-webviewer, orthanc-wsi. You should try to prevent the removal by fixing these RC bugs.

Created: 2026-04-18 Last update: 2026-04-26 11:03

10 security issues in trixie high

There are 10 open security issues in trixie.

10 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVE-2025-15581: Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Created: 2026-02-19 Last update: 2026-04-24 11:02

9 security issues in forky high

There are 9 open security issues in forky.

9 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

Created: 2026-04-09 Last update: 2026-04-24 11:02

10 security issues in bullseye high

There are 10 open security issues in bullseye.

9 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

1 issue postponed or untriaged:

CVE-2024-22725: (needs triaging) Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.

Created: 2026-04-09 Last update: 2026-04-24 11:02

11 security issues in bookworm high

There are 11 open security issues in bookworm.

10 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVE-2025-15581: Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

1 issue left for the package maintainer to handle:

CVE-2024-22725: (needs triaging) Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-01-24 Last update: 2026-04-24 11:02

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-04-05 Last update: 2026-04-26 06:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.12.11+dfsg-5, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2026-04-25 Last update: 2026-04-25 09:32

Multiarch hinter reports 2 issue(s) low

There are issues with the multiarch metadata for this package.

orthanc-doc could be marked Multi-Arch: foreign
orthanc-dev could be converted to Architecture: all and marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2026-04-26 07:30

testing migrations

This package will soon be part of the auto-protobuf transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for orthanc (1.12.10+dfsg-2 to 1.12.11+dfsg-4): Will attempt migration (Any information below is purely informational)
- Additional info (not blocking):
- ∙ ∙ Updating orthanc will fix bugs in testing: #1133270
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/o/orthanc.html
- ∙ ∙ Autopkgtest for orthanc/1.12.11+dfsg-4: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproduced on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproduced on i386
- ∙ ∙ Reproducibility check waiting for results on ppc64el
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ Required age is not allowed to drop below 2 days
- ∙ ∙ 2 days old (needed 2 days)

news

[rss feed]

[2026-04-24] Accepted orthanc 1.12.11+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2026-04-17] Accepted orthanc 1.12.11+dfsg-3 (source) into unstable (Sebastien Jodogne)
[2026-04-14] Accepted orthanc 1.12.11+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2026-04-14] Accepted orthanc 1.12.11+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2026-04-13] Accepted orthanc 1.12.10+dfsg-5 (source) into unstable (Sebastien Jodogne)
[2026-04-11] Accepted orthanc 1.12.10+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2026-04-11] Accepted orthanc 1.12.10+dfsg-3 (source) into unstable (Étienne Mollier)
[2026-03-19] orthanc 1.12.10+dfsg-2 MIGRATED to testing (Debian testing watch)
[2026-03-16] Accepted orthanc 1.12.10+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2026-02-28] Accepted orthanc 1.9.2+really1.9.1+dfsg-1+deb11u2 (source) into oldoldstable-security (Paride Legovini)
[2025-11-29] orthanc 1.12.10+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-11-26] Accepted orthanc 1.12.10+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-09-23] orthanc 1.12.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-09-21] Accepted orthanc 1.12.9+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2025-08-19] Accepted orthanc 1.12.9+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-05-06] orthanc 1.12.7+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-04-23] Accepted orthanc 1.12.7+dfsg-4 (source) into unstable (Étienne Mollier)
[2025-04-22] Accepted orthanc 1.12.7+dfsg-3 (source) into unstable (Sebastien Jodogne)
[2025-04-22] Accepted orthanc 1.12.7+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2025-04-07] Accepted orthanc 1.12.7+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-02-26] orthanc 1.12.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-02-24] Accepted orthanc 1.12.6+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-02-18] orthanc 1.12.5+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-02-15] Accepted orthanc 1.12.5+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2024-12-22] orthanc 1.12.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-12-20] Accepted orthanc 1.12.5+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2024-07-24] orthanc 1.12.4+dfsg-4 MIGRATED to testing (Debian testing watch)
[2024-07-18] Accepted orthanc 1.12.4+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2024-07-11] orthanc 1.12.4+dfsg-3 MIGRATED to testing (Debian testing watch)
[2024-07-08] Accepted orthanc 1.12.4+dfsg-3 (source) into unstable (Sebastien Jodogne)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.12.10+dfsg-2
2 bugs