Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-4739

created 23 hours ago

Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.

References

https://github.com/InsightSoftwareConsortium/ITK/pull/5351 patch

Affected products

ITK

<2.7.1

Matching in nixpkgs

pkgs.itk

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5
nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.itk_5

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5
nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.itk_5_2

Insight Segmentation and Registration Toolkit

nixos-unstable 5.2.1
- nixpkgs-unstable 5.2.1
- nixos-unstable-small 5.2.1
nixos-25.11 5.2.1
- nixos-25.11-small 5.2.1
- nixpkgs-25.11-darwin 5.2.1

pkgs.gitkraken

Simplifying Git for any OS

nixos-unstable 11.6.0
- nixpkgs-unstable 11.6.0
- nixos-unstable-small 11.6.0
nixos-25.11 11.6.0
- nixos-25.11-small 11.6.0
- nixpkgs-25.11-darwin 11.6.0

pkgs.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3
nixos-25.11 2.5.3
- nixos-25.11-small 2.5.3
- nixpkgs-25.11-darwin 2.5.3

pkgs.pkgsRocm.itk

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5
nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.pkgsRocm.itk_5

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5
nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.pkgsRocm.itk_5_2

Insight Segmentation and Registration Toolkit

nixos-unstable 5.2.1
- nixpkgs-unstable 5.2.1
- nixos-unstable-small 5.2.1
nixos-25.11 5.2.1
- nixos-25.11-small 5.2.1
- nixpkgs-25.11-darwin 5.2.1

pkgs.pkgsRocm.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3
nixos-25.11 2.5.3
- nixos-25.11-small 2.5.3
- nixpkgs-25.11-darwin 2.5.3

pkgs.tclPackages.itktcl

Mega-widget toolkit for incr Tk

nixos-unstable 4.1.0
- nixpkgs-unstable 4.1.0
- nixos-unstable-small 4.1.0
nixos-25.11 4.1.0
- nixos-25.11-small 4.1.0
- nixpkgs-25.11-darwin 4.1.0

pkgs.python312Packages.itk

Insight Segmentation and Registration Toolkit

nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.python313Packages.itk

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5
nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.python314Packages.itk

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5

pkgs.python312Packages.nuitka

Python compiler with full language support and CPython compatibility

nixos-25.11 2.7.15
- nixos-25.11-small 2.7.15
- nixpkgs-25.11-darwin 2.7.15

pkgs.python313Packages.nuitka

Python compiler with full language support and CPython compatibility

nixos-unstable 2.8.10
- nixpkgs-unstable 2.8.10
- nixos-unstable-small 2.8.10
nixos-25.11 2.7.15
- nixos-25.11-small 2.7.15
- nixpkgs-25.11-darwin 2.7.15

pkgs.python314Packages.nuitka

Python compiler with full language support and CPython compatibility

nixos-unstable 2.8.10
- nixpkgs-unstable 2.8.10
- nixos-unstable-small 2.8.10

pkgs.apacheHttpdPackages.mod_itk

MPM (Multi-Processing Module) for the Apache web server

nixos-unstable 2.4.7-04
- nixpkgs-unstable 2.4.7-04
- nixos-unstable-small 2.4.7-04
nixos-25.11 2.4.7-04
- nixos-25.11-small 2.4.7-04
- nixpkgs-25.11-darwin 2.4.7-04

pkgs.python312Packages.simpleitk

Simplified interface to ITK

nixos-25.11 2.5.3
- nixos-25.11-small 2.5.3
- nixpkgs-25.11-darwin 2.5.3

pkgs.python313Packages.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3
nixos-25.11 2.5.3
- nixos-25.11-small 2.5.3
- nixpkgs-25.11-darwin 2.5.3

pkgs.python314Packages.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3

pkgs.pkgsRocm.python3Packages.itk

Insight Segmentation and Registration Toolkit

nixos-unstable 5.4.5
- nixpkgs-unstable 5.4.5
- nixos-unstable-small 5.4.5
nixos-25.11 5.4.4
- nixos-25.11-small 5.4.4
- nixpkgs-25.11-darwin 5.4.4

pkgs.apacheHttpdPackages_2_4.mod_itk

MPM (Multi-Processing Module) for the Apache web server

nixos-unstable 2.4.7-04
- nixpkgs-unstable 2.4.7-04
- nixos-unstable-small 2.4.7-04
nixos-25.11 2.4.7-04
- nixos-25.11-small 2.4.7-04
- nixpkgs-25.11-darwin 2.4.7-04

pkgs.pkgsRocm.python3Packages.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3
nixos-25.11 2.5.3
- nixos-25.11-small 2.5.3
- nixpkgs-25.11-darwin 2.5.3

Package maintainers

@zupo Nejc Zupan <nejczupan+nix@gmail.com>
@Rishik-Y Rishik Yalamanchili <202301258@daiict.ac.in>
@nicolas-goudry Nicolas Goudry <goudry.nicolas@gmail.com>
@bcdarwin Ben Darwin <bcdarwin@gmail.com>
@thoughtpolice Austin Seipp <aseipp@pobox.com>

Untriaged

Permalink CVE-2025-11266

6.6 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): HIGH

created 2 months ago

Grassroots DICOM (GDCM) Out-of-bounds Write

An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow in buffer indexing. It is exploitable via file input, simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition.

References

Affected products

medInria

=<4.0

SimpleITK

=<2.5.2

DICOM (GDCM)

=<3.0.24

Matching in nixpkgs

pkgs.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3

pkgs.pkgsRocm.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3

pkgs.python312Packages.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3

pkgs.python313Packages.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3

pkgs.pkgsRocm.python3Packages.simpleitk

Simplified interface to ITK

nixos-unstable 2.5.3
- nixpkgs-unstable 2.5.3
- nixos-unstable-small 2.5.3

Package maintainers

@bcdarwin Ben Darwin <bcdarwin@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.itk

pkgs.itk_5

pkgs.itk_5_2

pkgs.gitkraken

pkgs.simpleitk

pkgs.pkgsRocm.itk

pkgs.pkgsRocm.itk_5

pkgs.pkgsRocm.itk_5_2

pkgs.pkgsRocm.simpleitk

pkgs.tclPackages.itktcl

pkgs.python312Packages.itk

pkgs.python313Packages.itk

pkgs.python314Packages.itk

pkgs.python312Packages.nuitka

pkgs.python313Packages.nuitka

pkgs.python314Packages.nuitka

pkgs.apacheHttpdPackages.mod_itk

pkgs.python312Packages.simpleitk

pkgs.python313Packages.simpleitk

pkgs.python314Packages.simpleitk

pkgs.pkgsRocm.python3Packages.itk

pkgs.apacheHttpdPackages_2_4.mod_itk

pkgs.pkgsRocm.python3Packages.simpleitk

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.simpleitk

pkgs.pkgsRocm.simpleitk

pkgs.python312Packages.simpleitk

pkgs.python313Packages.simpleitk

pkgs.pkgsRocm.python3Packages.simpleitk

Package maintainers