Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • CAPA Plan - BSI CE Mark Closeout
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
      • R-TF-012-019 SOUPs
        • Aioboto3
        • Albumentations
        • Argon2-CFFI
        • Authlib
        • Boto3
        • Dependency Injector
        • Dill
        • FastAPI
        • PyTorch Grad-CAM
        • Httpx
        • NumPy
        • PyNVML
        • OpenCV
        • Pillow
        • Psutil
        • Pydantic
        • Pydantic Settings
        • PyYAML
        • Segmentation Models PyTorch
        • Starlette
        • Timm
        • PyTorch
        • TorchVision
        • Ultralytics YOLO
        • Uvicorn
      • R-TF-012-028 Software Requirement Specification
      • R-TF-012-029 Software Architecture Description
      • R-TF-012-030 Software Configuration Management Plan
      • R-TF-012-031 Product requirements specification
      • R-TF-012-037 Labeling and IFU Requirements
      • R-TF-012-040 Documentation level FDA
      • R-TF-012-041 Software Classification 62304
      • R-TF-012-043 Traceability Matrix
      • Review meetings
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design and Manufacturing Information
  • R-TF-012-019 SOUPs
  • Dill

Dill

General Information​

FieldValue
Package Namedill
Manufacturer / VendorMike McKerns / uqfoundation
Software CategoryLibrary
Primary DocumentationDocumentation, GitHub, PyPI
Programming Language(s)Python
LicenseBSD 3-Clause
Deployed Version(s)>=0.4.0 (version-locked at 0.4.0 in detection services)
Most Recent Available Version0.4.1
Last Review Date2026-01-27

Overview​

Dill is a Python serialization library that extends the standard pickle module to handle a broader range of Python object types. The library enables serialization of "exotic" Python types that pickle cannot handle, including lambda functions, nested functions, closures, code objects, and modules. With over 2,400 GitHub stars and 236,000 dependent projects, dill is widely adopted in the scientific Python ecosystem, particularly in distributed computing and machine learning frameworks.

Within the medical device software, dill is an indirect dependency used exclusively by the Ultralytics YOLO object detection framework. It is not directly imported or invoked by the device's custom code. The specific usage context is:

  • Detection expert module: The legithp-expert[detection] optional extra declares dill as a dependency alongside Ultralytics
  • YOLO model serialization: Ultralytics internally uses dill to serialize and deserialize YOLO model checkpoints (.pt files) containing complex Python objects such as lambda functions, custom loss functions, and callback definitions that standard pickle cannot handle

Dill was included as a dependency because:

  • Required by Ultralytics YOLO for model checkpoint serialization
  • Handles complex Python objects (lambdas, closures) embedded in YOLO model architectures
  • BSD 3-Clause license permits commercial use in medical device software

Functional Requirements​

The following functional capabilities of this SOUP are relied upon by the medical device software (via Ultralytics).

Requirement IDDescriptionSource / Reference
FR-001Serialize Python objects to byte streamsdill.dumps() function
FR-002Deserialize byte streams back to Python objectsdill.loads() function
FR-003Handle lambda functions and closures during serializationExtended pickle protocol for exotic types
FR-004Maintain compatibility with standard pickle protocolPickle protocol levels 0–5
FR-005Serialize code objects and nested functionsSupport for types.CodeType objects

Performance Requirements​

The following performance expectations are relevant to the medical device software.

Requirement IDDescriptionAcceptance Criteria
PR-001Model loading shall complete within service startup boundsDeserialization does not dominate startup time
PR-002Memory usage shall be bounded during deserializationNo memory leaks from repeated model loads

Hardware Requirements​

The following hardware dependencies or constraints are imposed by this SOUP component.

Requirement IDDescriptionNotes / Limitations
HR-001Sufficient system memory for object graphMemory scales with serialized object size
HR-002x86-64 or ARM64 processor architecturePure Python; no platform-specific binaries

Software Requirements​

The following software dependencies and environmental assumptions are required by this SOUP component.

Requirement IDDescriptionDependency / Version Constraints
SR-001Python runtime environmentPython >=3.9 (device uses >=3.12)
SR-002Setuptools for installationSetuptools >=42
SR-003Standard library pickle moduleBundled with Python

Known Anomalies Assessment​

This section evaluates publicly reported issues, defects, or security vulnerabilities associated with this SOUP component and their relevance to the medical device software.

No CVEs or security vulnerabilities have been identified for dill. A comprehensive review of the following security databases was conducted on 2026-01-27:

  • National Vulnerability Database (NVD) — no entries for "dill python"
  • GitHub Security Advisories for uqfoundation/dill — no published advisories
  • Snyk vulnerability database — no known vulnerabilities

However, dill shares the fundamental security characteristics of Python's pickle module: deserialization can execute arbitrary code. This is by design, as pickle-family libraries reconstruct Python objects including their methods and internal state. The dill documentation explicitly states: "it is left to the user to decide whether the data they unpickle is from a trustworthy source."

The device's usage pattern eliminates exposure to insecure deserialization risks:

  • No external file loading: The device does not use dill to deserialize data from external or user-supplied sources
  • Controlled model sources: YOLO model weights are pre-packaged, versioned, and retrieved exclusively from trusted internal storage (S3 buckets under organizational control)
  • Indirect usage only: Dill is invoked internally by Ultralytics; the device code does not directly call dill.load() or dill.loads()
  • Version locking: Requirements lock files pin dill to version 0.4.0, ensuring reproducible and auditable deployments
  • Container isolation: Detection services run in isolated containers with restricted filesystem access
  • No pickle from API inputs: The device API accepts only validated JSON and image data; no serialized Python objects are accepted from clients

Risk Control Measures​

The following risk control measures are implemented to mitigate potential security and operational risks associated with this SOUP component:

  • Version locking via requirements_lock.txt ensures reproducible, auditable deployments
  • Model weights are loaded only from trusted, organization-controlled S3 storage
  • No user-supplied or external pickle/dill data is ever deserialized
  • Container isolation restricts filesystem access to required paths only
  • The device does not use dill's load_module() or session-saving features
  • Input validation at API boundaries rejects all non-JSON payloads

Assessment Methodology​

The following methodology was used to identify and assess known anomalies:

  • Sources consulted:

    • National Vulnerability Database (NVD) search for "dill python"
    • GitHub Security Advisories for uqfoundation/dill
    • Snyk vulnerability database and package advisor
    • PyPI package page
    • OWASP insecure deserialization guidance
    • Security research on pickle-based serialization vulnerabilities

  • Criteria for determining applicability:

    • Vulnerability must affect deployed versions (dill 0.4.0)
    • Vulnerability must be exploitable through the device's operational context (controlled model loading, no external deserialization)
    • Attack vector must be reachable through the device's interfaces (no user-supplied serialized data)
    • Storage controls and container isolation must not already mitigate the vulnerability

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
Dependency Injector
Next
FastAPI
  • General Information
  • Overview
  • Functional Requirements
  • Performance Requirements
  • Hardware Requirements
  • Software Requirements
  • Known Anomalies Assessment
    • Risk Control Measures
    • Assessment Methodology
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)