Heap-Based Buffer Overflow in VTK DICOM Library by Kitware
CVE-2026-22879

8.1 HIGH

Key Information:

Vendor: Vtk

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-22879?

The VTK DICOM Library, developed by Kitware, contains a heap-based buffer overflow in the vtkDICOMItem::NewDataElement function. Malicious actors could exploit it to execute arbitrary code, leading to potential disruptions and data compromise. Users are advised to patch their installations promptly to mitigate the risks associated with this flaw.

Affected Version(s)

vtk 9.5.2

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Emmanuel Tacheau of Cisco Talos.