An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
CVE-2026-5441
NONE
EPSS 0.01%
Updated Apr 09, 2026
An
CVE Details
CVE ID
CVE-2026-5441
Published Date
Apr 09, 2026
Vendor
An
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.01%
Likelihood of exploitation in next 30 days
Percentile:
2.7th percentile (higher than 2.7% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory