Skip to main content

VTK-DICOM EUVDEUVD-2026-39582

| CVE-2026-22879 HIGH
Improper Validation of Array Index (CWE-129)
2026-06-25 talos GHSA-prp5-qv62-frpc
8.1
CVSS 3.1 · Vendor: talos
Share

Severity by source

Vendor (talos) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Attacker-supplied DICOM input typically requires a user to open the file in viewer use (UI:R); heap grooming makes it AC:H; no auth needed (PR:N); full memory-corruption impact yields C/I/A:H.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative

Primary rating from Vendor (talos).

CVSS VectorVendor: talos

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 22:36 vuln.today

DescriptionCVE.org

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

AnalysisAI

Heap-based buffer overflow in the vtk-dicom library's vtkDICOMItem::NewDataElement routine allows remote attackers to corrupt heap memory and potentially achieve arbitrary code execution by supplying a maliciously crafted DICOM data element. The flaw affects vtk-dicom (a DICOM I/O module commonly paired with the Visualization Toolkit) and was reported by Cisco Talos (TALOS-2026-2366), carrying a CVSS 3.1 base score of 8.1 with full confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deliver crafted DICOM file to parser
Delivery
Forge element length/index field
Exploit
Trigger heap overflow in NewDataElement
Execution
Groom heap for control
Impact
Execute code in parser context

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to parse an attacker-supplied DICOM object through vtk-dicom's vtkDICOMItem::NewDataElement code path - specifically a DICOM data set/sequence containing a crafted data element whose length or index field triggers the out-of-bounds heap write. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderately consistent: the CVSS vector (AV:N/AC:H/PR:N/UI:N) indicates a network-reachable, unauthenticated bug with no user interaction but HIGH attack complexity, which is typical for heap overflows that require precise control of memory layout or specific malformed-input conditions to be reliably exploited. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious DICOM file or stream containing a data element with a forged length/index that violates the buffer assumptions in vtkDICOMItem::NewDataElement, then delivers it to a target that parses DICOM with vtk-dicom - for example uploading it to a DICOM receiver or opening it in a viewer. When the file is processed, the heap overflow corrupts adjacent memory, and with the HIGH-complexity heap grooming required, the attacker may convert the corruption into arbitrary code execution in the context of the parsing process. …
Remediation No vendor-released patch identified at time of analysis; consult the Talos advisory (https://talosintelligence.com/vulnerability_reports/TALOS-2026-2366) and the upstream vtk-dicom project for a fixed release and upgrade to it once published, then rebuild any downstream applications that statically link or vendor the library. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running vtk-dicom and restrict DICOM file ingestion to validated, trusted sources only; enable detailed logging on DICOM processing endpoints. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important

Share

EUVD-2026-39582 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy