58 matches found
CVE-2026-22879
A flaw was found in vtk-dicom. A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::NewDataElement function. A remote attacker could exploit this vulnerability without requiring user interaction or elevated privileges. Successful exploitation could lead to arbitrary code...
CVE-2026-22879
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...
CVE-2026-22879
The CVE concerns the vtk-dicom component, specifically the vtkDICOMItem::NewDataElement function. It is described as a heap-based buffer overflow vulnerability in vtk-dicom. The CVSSv3.1 vector indicates a high-severity issue (C:H, I:H, A:H) with network attack vector, high attack complexity, no ...
vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerability
Summary: A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::FindDataElementOrInsert functionality of vtk-dicom versions: 9.5.2. A specially crafted DICOM file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
[SECURITY] Fedora 43 Update: vtk-9.2.6-44.fc43
VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms (e.g., surface reconstruction, implicit modeling, decimation) and rendering techniques (e.g., hardware-accelerated volume rendering, LOD control). NOTE: T...
Fedora: Security Advisory (FEDORA-2026-55f82da186)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2026-ff768f8e37)
The remote host is missing an update for the...
Fedora 43 : vtk (2026-55f82da186)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-55f82da186 advisory. Add patch to fix integer overflow on 32-bit in KissFFT (CVE-2025-34297). Tenable has extracted the preceding description block directly from the Fedora...
Fedora 42 : vtk (2026-ff768f8e37)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ff768f8e37 advisory. Add patch to fix integer overflow on 32-bit in KissFFT (CVE-2025-34297). Tenable has extracted the preceding description block directly from the Fedora...
Advisory ROSA-SA-2026-3211
software: vtk 9.0.1; OS: ROSA-CHROME; unaffected versions = vtk-9.0.1.1-6; affected versions vtk-9.0.1.1-6; CVE-ID: CVE-2025-57106; BDU-ID: None; CVE-Crit: HIGH; CVE-DESC.: Buffer overflow in Kitware VTK before 9.5.0 in the vtkGLTFDocumentLoader component. The vulnerability occurs in the...
SUSE CVE-2025-57109
Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations...
CVE-2025-57106
A flaw was found in Kitware VTK (Visualization Toolkit). This vulnerability allows a buffer overflow via processing GLTF (Graphics Language Transmission Format) accessor data in the vtkGLTFDocumentLoader's BufferDataExtractionWorker template function...
EUVD-2025-37361
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations...
EUVD-2025-37362
Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data...
abinitostudio (>=1.0.1 <=1.0.8), aicsshparam (>=0.0.6 <=0.0.12) +145 more potentially affected by CVE-2025-57108 via vtk (>=8.1.2 <=9.5.0)
vtk PYPI version =8.1.2, =1.0.1, =0.0.6, =0.1.8, =0.4.0, =0.13.1, =0.71.0, =0.2.0, =0.4.2, =2024.7.4, =0.0.4rc3, =0.2.5, =0.6.1, =1.0.0.0, =2.1.16 and more Source cves: CVE-2025-57108 Source advisory: OSV:PYSEC-2025-226...
abinitostudio (>=1.0.1 <=1.0.8), aicsshparam (>=0.0.6 <=0.0.12) +145 more potentially affected by CVE-2025-57107 via vtk (>=8.1.2 <=9.5.0)
vtk PYPI version =8.1.2, =1.0.1, =0.0.6, =0.1.8, =0.4.0, =0.13.1, =0.71.0, =0.2.0, =0.4.2, =2024.7.4, =0.0.4rc3, =0.2.5, =0.6.1, =1.0.0.0, =2.1.16 and more Source cves: CVE-2025-57107 Source advisory: OSV:PYSEC-2025-225...
abinitostudio (>=1.0.1 <=1.0.8), aicsshparam (>=0.0.6 <=0.0.12) +145 more potentially affected by CVE-2025-57106 via vtk (>=8.1.2 <=9.5.0)
vtk PYPI version =8.1.2, =1.0.1, =0.0.6, =0.1.8, =0.4.0, =0.13.1, =0.71.0, =0.2.0, =0.4.2, =2024.7.4, =0.0.4rc3, =0.2.5, =0.6.1, =1.0.0.0, =2.1.16 and more Source cves: CVE-2025-57106 Source advisory: OSV:PYSEC-2025-224...
CVE-2025-57107
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations...
CVE-2025-57108
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files...