CVE-2026-22879

NameCVE-2026-22879
Descriptionvtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1142344

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vtk-dicom (PTS)bullseye0.8.12-4vulnerable
bookworm0.8.14-3.1vulnerable
trixie0.8.17-1vulnerable
forky0.8.17-2vulnerable
sid0.8.17-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vtk-dicomsource(unstable)(unfixed)1142344

Notes

[trixie] - vtk-dicom <no-dsa> (Minor issue)
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2366
https://github.com/dgobbi/vtk-dicom/pull/253

Search for package or bug name: Reporting problems