An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
| Vendor | Product | Versions |
|---|---|---|
| Orthanc | DICOM Server | 0, 1.12.10 |
Updated affected versions to include 1.12.10, changed severity to HIGH, and noted that no exploit exists.
Initial creation
