CVE Catalog

CVE-2026-22879

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

A heap-based buffer overflow vulnerability has been discovered in the vtk-dicom library, specifically in the vtkDICOMItem::NewDataElement function. This flaw could allow an attacker to execute arbitrary code remotely via a specially crafted DICOM file.

Risk Assessment

The risk to the organization includes the possibility of remote code execution, which could compromise the confidentiality, integrity, and availability of medical data.

Recommendation

It is recommended to immediately update the vtk-dicom library to the latest version that includes a fix for this vulnerability. Additionally, restrict access to applications using this library to trusted sources only.

Original NVD description (English source)

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

Vulnerability data from NVD (NIST) · CISA KEV · EPSS