What you need to know today.
Multiple low-risk vulnerabilities disclosed, including heap overflow in vtk-dicom and memory issues in FFmpeg and TIFF decoders.

The vtkDICOMItem::NewDataElement function in the Debian package vtk-dicom is susceptible to a heap-based buffer overflow. This flaw could allow an attacker to overwrite memory regions, potentially leading to denial-of-service or code execution. Users should update to a patched version when available. CVE-2026-22879 is associated with this issue.
FFmpeg, a widely used multimedia framework, has a vulnerability in its RASC video decoder. The issue lies in how it handles DLTA regions, performing 32-bit reads and writes before a crucial boundary check and validating pixel data instead of byte units. This could be exploited by a crafted video file to cause a crash or potentially other unintended behavior. CVE-2026-58049 details this vulnerability.
A vulnerability exists in the TIFF decoder used in Debian, where it fails to enforce a limit on the size of tiles in tiled images. This could enable an attacker to provide a malicious or corrupt image file containing excessively large tiles, leading to unbounded memory consumption and a denial-of-service condition. CVE-2026-46602 describes this flaw.
Several other low-risk vulnerabilities have been identified, including CVE-2026-53325, CVE-2026-13501, CVE-2026-13500, CVE-2026-13503, and CVE-2026-13502. While these currently pose a low risk, it is advisable to monitor for updates and patches from the respective vendors.
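
The FFmpeg RASC item above describes a region that is checked in pixels while it is accessed in 32-bit units. The following is an added example, not FFmpeg's code, of that bug class and a hardened check that runs before any access. The `struct frame` layout, the function names and the XOR delta are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical frame layout for this example; not FFmpeg's structures. */
struct frame {
    uint8_t *data;
    size_t stride, width, height, bpp; /* stride in bytes; width/height in pixels; bpp = bytes per pixel */
};

/* Flawed pattern: the region is validated in pixel units only. */
static int region_ok_pixels(const struct frame *f, size_t x, size_t y, size_t w, size_t h)
{
    return x <= f->width && w <= f->width - x &&
           y <= f->height && h <= f->height - y;
}

/* Hardened pattern: validate the byte span that the 32-bit accesses will touch. */
static int region_ok_bytes(const struct frame *f, size_t x, size_t y, size_t w, size_t h)
{
    if (f->bpp == 0 || f->width > f->stride / f->bpp)
        return 0;                                /* also rules out overflow below */
    if (w == 0 || h == 0 || !region_ok_pixels(f, x, y, w, h))
        return 0;
    size_t len = (w * f->bpp + 3) & ~(size_t)3;  /* round up to whole 4-byte units */
    return len <= f->stride - x * f->bpp;
}

/* XOR a delta into the region 4 bytes at a time, only after both spans are checked. */
static int apply_delta(struct frame *f, size_t x, size_t y, size_t w, size_t h,
                       const uint8_t *in, size_t in_len)
{
    size_t row = (w * f->bpp + 3) & ~(size_t)3;
    if (!region_ok_bytes(f, x, y, w, h) || in_len / row < h)
        return -1;                               /* reject before the first read or write */
    for (size_t r = 0; r < h; r++) {
        uint8_t *dst = f->data + (y + r) * f->stride + x * f->bpp;
        for (size_t i = 0; i < row; i += 4, in += 4) {
            uint32_t a, b;
            memcpy(&a, dst + i, 4);
            memcpy(&b, in, 4);
            a ^= b;
            memcpy(dst + i, &a, 4);
        }
    }
    return 0;
}
```

With one-byte pixels, a three-pixel region starting at x=5 in an eight-pixel row passes the pixel check but is rejected by the byte check, because the 32-bit access would touch the byte past the end of the row.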