DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

This white paper presents a concrete case study showing that malformed DICOM files can trigger a heap overflow in the Orthanc medical imaging server during image upload, resulting in an out-of-bounds write; it highlights the risk posed by automatic ingestion of network-received DICOM files and the complexity of DICOM parsing in PACS systems.