Heap Overflow Vulnerability Discovered in Orthanc DICOM Server Allows Remote Code Execution
What Happened — Researchers at Cisco Talos published a deep‑dive showing a heap‑overflow flaw in the open‑source Orthanc DICOM server. By sending a crafted DICOM file, an attacker can trigger an out‑of‑bounds write during image ingestion, potentially achieving remote code execution on the PACS host.
Why It Matters for TPRM —
- Critical imaging infrastructure (PACS) can be compromised, exposing patient data and disrupting clinical workflows.
- Third‑party DICOM libraries (pydicom, GDCM) are widely embedded in vendor solutions, expanding the attack surface across many health‑tech partners.
- Exploitation does not require authentication; any network‑exposed upload endpoint is a viable entry point.
Who Is Affected — Healthcare providers, medical imaging vendors, cloud‑hosted PACS services, and any organization that integrates Orthanc or dependent DICOM parsing libraries.
Recommended Actions —
- Inventory all third‑party services that run Orthanc or embed pydicom/GDCM.
- Apply vendor‑provided patches or upgrade to the latest Orthanc release that mitigates the heap overflow.
- Enforce strict validation of inbound DICOM files; consider sandboxing the ingestion pipeline.
- Review network segmentation to limit exposure of image upload interfaces.
Technical Notes — The flaw is a classic heap overflow triggered by malformed DICOM tags, leading to an out‑of‑bounds write in the Orthanc image processing routine. No CVE has been assigned yet, but the proof‑of‑concept demonstrates full RCE on the host. Affected data includes any patient imaging studies stored on the compromised server. Source: Cisco Talos Blog