GHSA-prp5-qv62-frpc
A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::NewDataElement function within the vtk-dicom component of the VTK library. This vulnerability is identified as CVE-2026-22879 and is classified under CWE-129 (Improper Validation of Array Index). The vulnerability has a high severity rating and a CVSS 3.1 vector indicating network attack complexity is high, no privileges or user interaction required, and impacts confidentiality, integrity, and availability. No affected versions or patches are currently specified.
AI Analysis
Technical Summary
CVE-2026-22879 is a heap-based buffer overflow vulnerability in the vtkDICOMItem::NewDataElement function of the vtk-dicom module in the VTK library. The issue arises from improper validation of array indices (CWE-129), which can lead to memory corruption. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates the vulnerability can be exploited remotely over the network but requires high attack complexity, with no privileges or user interaction needed. Successful exploitation could result in full compromise of confidentiality, integrity, and availability of the affected system. No known exploits in the wild or vendor patches are currently documented.
Potential Impact
The vulnerability allows remote attackers to cause a heap-based buffer overflow, potentially leading to arbitrary code execution or denial of service. The CVSS score reflects high impact on confidentiality, integrity, and availability. However, exploitation requires high attack complexity, which may limit practical exploitation scenarios. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should monitor official VTK and vtk-dicom project advisories for updates. No specific mitigations are provided at this time.
GHSA-prp5-qv62-frpc
Description
A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::NewDataElement function within the vtk-dicom component of the VTK library. This vulnerability is identified as CVE-2026-22879 and is classified under CWE-129 (Improper Validation of Array Index). The vulnerability has a high severity rating and a CVSS 3.1 vector indicating network attack complexity is high, no privileges or user interaction required, and impacts confidentiality, integrity, and availability. No affected versions or patches are currently specified.
CVSS v3.1
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-22879 is a heap-based buffer overflow vulnerability in the vtkDICOMItem::NewDataElement function of the vtk-dicom module in the VTK library. The issue arises from improper validation of array indices (CWE-129), which can lead to memory corruption. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates the vulnerability can be exploited remotely over the network but requires high attack complexity, with no privileges or user interaction needed. Successful exploitation could result in full compromise of confidentiality, integrity, and availability of the affected system. No known exploits in the wild or vendor patches are currently documented.
Potential Impact
The vulnerability allows remote attackers to cause a heap-based buffer overflow, potentially leading to arbitrary code execution or denial of service. The CVSS score reflects high impact on confidentiality, integrity, and availability. However, exploitation requires high attack complexity, which may limit practical exploitation scenarios. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should monitor official VTK and vtk-dicom project advisories for updates. No specific mitigations are provided at this time.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-prp5-qv62-frpc
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-22879"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 3.1
Threat ID: 6a3ef7d027e9c79719002a99
Added to database: 06/26/2026, 22:06:08 UTC
Last enriched: 06/26/2026, 22:37:34 UTC
Last updated: 06/27/2026, 00:31:24 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.