Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attacker-supplied DICOM input typically requires a user to open the file in viewer use (UI:R); heap grooming makes it AC:H; no auth needed (PR:N); full memory-corruption impact yields C/I/A:H.
Primary rating from Vendor (talos).
CVSS VectorVendor: talos
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability
AnalysisAI
Heap-based buffer overflow in the vtk-dicom library's vtkDICOMItem::NewDataElement routine allows remote attackers to corrupt heap memory and potentially achieve arbitrary code execution by supplying a maliciously crafted DICOM data element. The flaw affects vtk-dicom (a DICOM I/O module commonly paired with the Visualization Toolkit) and was reported by Cisco Talos (TALOS-2026-2366), carrying a CVSS 3.1 base score of 8.1 with full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target to parse an attacker-supplied DICOM object through vtk-dicom's vtkDICOMItem::NewDataElement code path - specifically a DICOM data set/sequence containing a crafted data element whose length or index field triggers the out-of-bounds heap write. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are moderately consistent: the CVSS vector (AV:N/AC:H/PR:N/UI:N) indicates a network-reachable, unauthenticated bug with no user interaction but HIGH attack complexity, which is typical for heap overflows that require precise control of memory layout or specific malformed-input conditions to be reliably exploited. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious DICOM file or stream containing a data element with a forged length/index that violates the buffer assumptions in vtkDICOMItem::NewDataElement, then delivers it to a target that parses DICOM with vtk-dicom - for example uploading it to a DICOM receiver or opening it in a viewer. When the file is processed, the heap overflow corrupts adjacent memory, and with the HIGH-complexity heap grooming required, the attacker may convert the corruption into arbitrary code execution in the context of the parsing process. … |
| Remediation | No vendor-released patch identified at time of analysis; consult the Talos advisory (https://talosintelligence.com/vulnerability_reports/TALOS-2026-2366) and the upstream vtk-dicom project for a fixed release and upgrade to it once published, then rebuild any downstream applications that statically link or vendor the library. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running vtk-dicom and restrict DICOM file ingestion to validated, trusted sources only; enable detailed logging on DICOM processing endpoints. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: ImportantShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39582
GHSA-prp5-qv62-frpc