CVE-2026-22879
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
A heap-based buffer overflow vulnerability has been discovered in the vtk-dicom library, specifically in the vtkDICOMItem::NewDataElement function. This flaw could allow an attacker to execute arbitrary code remotely via a specially crafted DICOM file.
Risk Assessment
The risk to the organization includes the possibility of remote code execution, which could compromise the confidentiality, integrity, and availability of medical data.
Recommendation
It is recommended to immediately update the vtk-dicom library to the latest version that includes a fix for this vulnerability. Additionally, restrict access to applications using this library to trusted sources only.
Original NVD description (English source)
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

