An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
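The missing validation described above, as an added example; this is not the affected project's code. `Rgb`, `Palette`, `DecodePaletteChecked` and `SamplePalette` are hypothetical names, the three-channel table layout is an assumption, and rejecting the whole frame on a bad index is one policy choice among several.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical types for illustration; not the affected project's API.
struct Rgb { uint16_t r, g, b; };

struct Palette {
    std::vector<uint16_t> red, green, blue;  // one entry per palette index

    // All three channels must have the same, non-zero length.
    bool consistent() const {
        return !red.empty() && red.size() == green.size() &&
               red.size() == blue.size();
    }
};

// Expands PALETTE COLOR pixel indices to RGB. Fails closed: if any index is
// outside the palette, the output is emptied and false is returned, so no
// memory past the end of the lookup tables can reach the output image.
bool DecodePaletteChecked(const std::vector<uint16_t>& indices,
                          const Palette& lut, std::vector<Rgb>& out) {
    out.clear();
    if (!lut.consistent()) return false;
    const std::size_t entries = lut.red.size();

    out.reserve(indices.size());
    for (std::size_t i = 0; i < indices.size(); ++i) {
        const std::size_t idx = indices[i];
        if (idx >= entries) {          // the check the description says is missing
            out.clear();               // do not hand back a partial frame
            return false;
        }
        out.push_back({lut.red[idx], lut.green[idx], lut.blue[idx]});
    }
    return true;
}

// Constructed sample input: a 4-entry palette.
Palette SamplePalette() {
    return {{0, 100, 200, 300}, {0, 10, 20, 30}, {0, 1, 2, 3}};
}
```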
CVE Details
CVE ID: CVE-2026-5445
Published Date: Apr 09, 2026
Updated: Apr 09, 2026
Vendor: An
Severity: NONE
Exploit Prediction (EPSS)
Probability of Exploit: 0.06% (likelihood of exploitation in next 30 days)
Percentile: 19.2th percentile (higher than 19.2% of all CVEs)
Standard patching cycle
Impact: Minimal impact