Register | Log in

orthanc

Lightweight, RESTful DICOM server for medical imaging

Choose email to subscribe with

general

source: orthanc (main)
version: 1.12.11+dfsg-6
maintainer: Debian Med Packaging Team (archive) (DMD) (LowNMU)
uploaders: Andreas Tille [DMD] – Sebastien Jodogne [DMD] [DM]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.9.2+really1.9.1+dfsg-1+deb11u1
o-o-sec: 1.9.2+really1.9.1+dfsg-1+deb11u2
oldstable: 1.10.1+dfsg-2+deb12u1
old-sec: 1.10.1+dfsg-2+deb12u1
stable: 1.12.7+dfsg-4
testing: 1.12.11+dfsg-4
unstable: 1.12.11+dfsg-6

versioned links

1.9.2+really1.9.1+dfsg-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.2+really1.9.1+dfsg-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.1+dfsg-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.7+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.11+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.11+dfsg-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liborthancframework-dev
liborthancframework1
liborthancframework1.12.11
orthanc (1 bugs: 0, 0, 1, 0)
orthanc-dev
orthanc-doc

action needed

10 security issues in trixie high

There are 10 open security issues in trixie.

10 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVE-2025-15581: Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Created: 2026-02-19 Last update: 2026-04-28 19:02

10 security issues in bullseye high

There are 10 open security issues in bullseye.

9 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.

1 issue postponed or untriaged:

CVE-2024-22725: (needs triaging) Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.

Created: 2026-04-09 Last update: 2026-04-28 19:02

11 security issues in bookworm high

There are 11 open security issues in bookworm.

10 important issues:

CVE-2026-5437: An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
CVE-2026-5438: A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
CVE-2026-5439: A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
CVE-2026-5440: A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5441: An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5442: A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVE-2026-5443: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVE-2026-5444: A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
CVE-2026-5445: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVE-2025-15581: Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

1 issue left for the package maintainer to handle:

CVE-2024-22725: (needs triaging) Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-01-24 Last update: 2026-04-28 19:02

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

orthanc-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2026-04-29 07:02

testing migrations

This package will soon be part of the auto-protobuf transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-libjsoncpp transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for orthanc (1.12.11+dfsg-4 to 1.12.11+dfsg-6): BLOCKED: Maybe temporary, maybe blocked but Britney is missing information (check below)
- Issues preventing migration:
- ∙ ∙ Missing build on riscv64
- ∙ ∙ Autopkgtest deferred on riscv64: missing arch:riscv64 build
- ∙ ∙ Autopkgtest for orthanc/1.12.11+dfsg-6: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for orthanc-neuro: ppc64el: Test triggered, s390x: Test triggered (will not be considered a regression) ♻ (reference ♻)
- ∙ ∙ Autopkgtest for orthanc-python/7.1+ds-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for orthanc-webviewer: ppc64el: Test triggered, s390x: Test triggered
- ∙ ∙ Autopkgtest for orthanc-wsi: ppc64el: Test triggered, s390x: Test triggered
- ∙ ∙ Lintian check waiting for test results on riscv64 - info
- ∙ ∙ Too young, only 1 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/o/orthanc.html
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproducibility check waiting for results on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproducibility check waiting for results on i386
- ∙ ∙ Reproducibility check waiting for results on ppc64el
- Not considered

news

[2026-04-28] Accepted orthanc 1.12.11+dfsg-6 (source) into unstable (Sebastien Jodogne)
[2026-04-27] orthanc 1.12.11+dfsg-4 MIGRATED to testing (Debian testing watch)
[2026-04-27] Accepted orthanc 1.12.11+dfsg-5 (source amd64 all) into unstable (Debian FTP Masters) (signed by: Andreas Tille)
[2026-04-24] Accepted orthanc 1.12.11+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2026-04-17] Accepted orthanc 1.12.11+dfsg-3 (source) into unstable (Sebastien Jodogne)
[2026-04-14] Accepted orthanc 1.12.11+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2026-04-14] Accepted orthanc 1.12.11+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2026-04-13] Accepted orthanc 1.12.10+dfsg-5 (source) into unstable (Sebastien Jodogne)
[2026-04-11] Accepted orthanc 1.12.10+dfsg-4 (source) into unstable (Sebastien Jodogne)
[2026-04-11] Accepted orthanc 1.12.10+dfsg-3 (source) into unstable (Étienne Mollier)
[2026-03-19] orthanc 1.12.10+dfsg-2 MIGRATED to testing (Debian testing watch)
[2026-03-16] Accepted orthanc 1.12.10+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2026-02-28] Accepted orthanc 1.9.2+really1.9.1+dfsg-1+deb11u2 (source) into oldoldstable-security (Paride Legovini)
[2025-11-29] orthanc 1.12.10+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-11-26] Accepted orthanc 1.12.10+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-09-23] orthanc 1.12.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-09-21] Accepted orthanc 1.12.9+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2025-08-19] Accepted orthanc 1.12.9+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-05-06] orthanc 1.12.7+dfsg-4 MIGRATED to testing (Debian testing watch)
[2025-04-23] Accepted orthanc 1.12.7+dfsg-4 (source) into unstable (Étienne Mollier)
[2025-04-22] Accepted orthanc 1.12.7+dfsg-3 (source) into unstable (Sebastien Jodogne)
[2025-04-22] Accepted orthanc 1.12.7+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2025-04-07] Accepted orthanc 1.12.7+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-02-26] orthanc 1.12.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-02-24] Accepted orthanc 1.12.6+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2025-02-18] orthanc 1.12.5+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-02-15] Accepted orthanc 1.12.5+dfsg-2 (source) into unstable (Sebastien Jodogne)
[2024-12-22] orthanc 1.12.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-12-20] Accepted orthanc 1.12.5+dfsg-1 (source) into unstable (Sebastien Jodogne)
[2024-07-24] orthanc 1.12.4+dfsg-4 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.12.10+dfsg-2
2 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing