ctipilot.ch


[SINGLE-SOURCE] Cisco Talos maps the DICOM-format attack surface against Orthanc PACS — network-ingested medical images as a heap out-of-bounds-write primitive

From CTI Daily Brief — 2026-05-31 · published 2026-05-31

Cisco Talos published a technical study on 2026-05-28 examining how the DICOM medical-imaging file format yields heap out-of-bounds-write conditions across three parsers: the Python pydicom library, GDCM (Grassroots DICOM), and the parser inside Orthanc, the open-source PACS (Picture Archiving and Communication System) server widely deployed in hospital radiology (Cisco Talos, 2026-05-28). Talos frames the upload/ingestion pathway as the highest-concern surface: hospital PACS routinely auto-ingest DICOM studies received over the network from imaging modalities (CT, MRI, X-ray) via DICOM C-STORE, so a malformed study from any connected modality or compromised upstream institution can reach the vulnerable decoder directly, without user action. The write primitive arises from the format's variable-length Value Representation (VR) tag structure combined with lax bounds-checking in heap allocation. The public blog post discloses no CVE identifiers and no exploit code. The technique class is T1190 (Exploit Public-Facing Application) where a PACS endpoint is network-reachable, or delivery of a malicious study over DICOM networking. [SINGLE-SOURCE] (Cisco Talos primary research).
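As an added illustration (this is not Talos's analysis code and not the implementation of pydicom, GDCM or Orthanc), the Python below walks explicit-VR little-endian DICOM data elements and refuses any element whose declared length exceeds the bytes actually present, before a buffer is sized or sliced from it. The element layout it relies on (4-byte tag, two-letter VR, then either a 2-byte length or two reserved bytes plus a 4-byte length for OB/OW/OF/SQ/UT/UN) is standard DICOM; the policy cap, the function names and the three sample studies are constructed for this example, and it deliberately handles a bare element stream only (no 128-byte preamble, no file meta header, no undefined-length sequences).

```python
import struct

# VRs whose explicit-VR encoding uses 2 reserved bytes plus a 4-byte length;
# every other VR carries a 2-byte length directly after the VR code.
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}

# Cap on a single element's value: an assumed policy limit for this example
# (a real PACS would derive this from configuration and available memory).
MAX_VALUE_LEN = 16 * 1024 * 1024


class DicomParseError(ValueError):
    """Raised when a declared length cannot be honoured by the bytes present."""


def parse_elements(data, max_value_len=MAX_VALUE_LEN):
    """Walk explicit-VR little-endian elements and return [(tag, vr, value), ...].

    Each declared length is checked against the bytes remaining *before* any
    buffer is sized or sliced, which is the bounds check whose absence turns a
    length field in the file into an out-of-bounds heap write.
    """
    elements = []
    pos, end = 0, len(data)
    while pos < end:
        if end - pos < 8:
            raise DicomParseError(f"truncated element header at offset {pos}")
        group, element = struct.unpack_from("<HH", data, pos)
        vr = data[pos + 4:pos + 6]
        if not all(0x41 <= c <= 0x5A for c in vr):  # VR must be two ASCII capitals
            raise DicomParseError(f"non-alphabetic VR {vr!r} at offset {pos + 4}")
        if vr in LONG_LENGTH_VRS:
            if end - pos < 12:
                raise DicomParseError(f"truncated long-form header at offset {pos}")
            (length,) = struct.unpack_from("<I", data, pos + 8)
            value_start = pos + 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            value_start = pos + 8
        if length == 0xFFFFFFFF:
            raise DicomParseError("undefined-length elements are not handled by this example")
        remaining = end - value_start
        if length > remaining:
            raise DicomParseError(
                f"element ({group:04X},{element:04X}) declares {length} bytes "
                f"but only {remaining} remain")
        if length > max_value_len:
            raise DicomParseError(
                f"element ({group:04X},{element:04X}) exceeds policy limit of {max_value_len} bytes")
        elements.append(((group, element), vr.decode("ascii"), data[value_start:value_start + length]))
        pos = value_start + length
    return elements


def validate_study(data):
    """Ingestion gate for a received study: returns (accepted, reason)."""
    try:
        elements = parse_elements(data)
    except DicomParseError as exc:
        return False, str(exc)
    return True, f"{len(elements)} elements parsed"


def encode_element(group, element, vr, value):
    """Build one explicit-VR little-endian element (used only to construct samples)."""
    if len(value) % 2:
        raise ValueError("DICOM values must be even-length")
    header = struct.pack("<HH", group, element) + vr
    if vr in LONG_LENGTH_VRS:
        return header + b"\x00\x00" + struct.pack("<I", len(value)) + value
    return header + struct.pack("<H", len(value)) + value


# Constructed sample: three elements of a minimal study (no preamble or meta header).
WELL_FORMED_STUDY = (
    encode_element(0x0010, 0x0010, b"PN", b"DOE^JOHN")               # PatientName
    + encode_element(0x0028, 0x0010, b"US", struct.pack("<H", 512))  # Rows
    + encode_element(0x7FE0, 0x0010, b"OW", bytes(range(8)))         # PixelData, 8 bytes
)

# Constructed sample: identical bytes, except the PixelData length field now
# claims ~2 GB while only 8 bytes follow.  The last 12 bytes of the study are
# the 4-byte length plus the 8-byte value, so the new length is spliced in there.
OVERSIZED_LENGTH_STUDY = (
    WELL_FORMED_STUDY[:-12] + struct.pack("<I", 0x7FFF_FFF0) + WELL_FORMED_STUDY[-8:]
)

# Constructed sample: the declared length is honest but the transfer was cut short.
TRUNCATED_STUDY = WELL_FORMED_STUDY[:-4]

if __name__ == "__main__":
    for name, study in [("well-formed", WELL_FORMED_STUDY),
                        ("oversized length", OVERSIZED_LENGTH_STUDY),
                        ("truncated", TRUNCATED_STUDY)]:
        ok, reason = validate_study(study)
        print(f"{name:17s} -> {'ACCEPT' if ok else 'REJECT'}: {reason}")
```

The same "declared length versus bytes present" comparison is what an ingestion-side pre-check in front of a PACS decoder would perform on every received study; the oversized-length and truncated samples show the two ways a length field can disagree with the data, and both are rejected before any allocation is made from the untrusted value.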

Why it matters to us: Swiss cantonal and university hospitals and EU healthcare providers — NIS2 critical entities — universally run PACS/DICOM infrastructure, and Orthanc is common in academic medical centres. The attack surface is structural to how PACS operate (mandatory DICOM connectivity to vendor equipment), so it cannot be closed by patching a single product alone. Defender posture from the research: review network segmentation between PACS servers and clinical workstations; restrict DICOM C-STORE acceptance to known modality Application Entity (AE) titles via the PACS ACL; confirm Orthanc instances run a supported version; treat studies arriving from referring institutions as untrusted input.