Segmentation Models PyTorch
General Information
| Field | Value |
|---|---|
| Package Name | segmentation-models-pytorch (smp) |
| Manufacturer / Vendor | Pavel Yakubovskiy / qubvel-org and contributors |
| Software Category | Library |
| Primary Documentation | Documentation, GitHub, PyPI |
| Programming Language(s) | Python |
| License | MIT License |
| Deployed Version(s) | >=0.4.0 (version-locked at 0.5.0) |
| Most Recent Available Version | 0.5.0 |
| Last Review Date | 2026-01-26 |
Overview
Segmentation Models PyTorch (smp) is a Python library built on PyTorch that provides neural networks for semantic image segmentation. The library offers 12 encoder-decoder architectures (including Unet, UnetPlusPlus, DeepLabV3Plus, FPN, and others) combined with 800+ pretrained encoder backbones. It provides a high-level API that enables the creation of segmentation networks with just two lines of code, while still allowing fine-grained control over model architecture and preprocessing.
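As a minimal illustration of the two-line usage pattern, assuming an example architecture and encoder that do not necessarily match the device's configuration:

```python
import segmentation_models_pytorch as smp

# Two lines: import the library, then build a full encoder-decoder network by name.
# "resnet34" with ImageNet weights is an illustrative choice, not the device's setup.
model = smp.Unet(encoder_name="resnet34", encoder_weights="imagenet", in_channels=3, classes=1)
```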
Within the medical device software, segmentation-models-pytorch serves as the foundational deep learning library for all clinical sign segmentation and classification pipelines. The library is integrated into the legithp-expert framework and used across 44+ AI expert microservices. Specifically, it is used for:
- Clinical sign segmentation: Pixel-level detection and boundary delineation of dermatological features including lesions, erythema, wounds, pigmentation anomalies, and nail pathologies
- Severity classification: Extraction of encoder features for clinical sign severity scoring (10-class classification) using encoder-only model configurations
- Input standardization: Providing ImageNet normalization parameters for consistent preprocessing across all AI models
The library was selected for its comprehensive encoder-decoder architecture support, extensive pretrained backbone collection compatible with transfer learning, consistent API across model families, active maintenance, and permissive MIT licensing suitable for commercial medical device software.
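For the encoder-only severity-classification use mentioned above, a hedged sketch follows. The 10-class linear head, pooling strategy, and model names are illustrative assumptions; the actual classification head is implemented in the device code rather than in smp:

```python
import torch
import segmentation_models_pytorch as smp

# Encoder-only usage: the decoder output is ignored and only encoder features are used.
model = smp.create_model(
    "deeplabv3plus", encoder_name="efficientnet-b2", encoder_weights=None, classes=1
)
deep_channels = model.encoder.out_channels[-1]      # channel width of the deepest stage
severity_head = torch.nn.Linear(deep_channels, 10)  # 10-class severity head (illustrative)

x = torch.randn(1, 3, 256, 256)                     # dummy image batch
features = model.encoder(x)[-1]                     # deepest feature map, shape (N, C, H', W')
logits = severity_head(features.mean(dim=(2, 3)))   # global average pooling + linear head
```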
Functional Requirements
The following functional capabilities of this SOUP are relied upon by the medical device software.
| Requirement ID | Description | Source / Reference |
|---|---|---|
| FR-001 | Create segmentation model instances from architecture and encoder name strings | smp.create_model() function |
| FR-002 | Provide DeepLabV3Plus architecture for clinical sign segmentation and classification | DeepLabV3Plus model implementation |
| FR-003 | Provide Unet architecture for multi-class lesion detection | Unet model implementation |
| FR-004 | Support EfficientNet family encoders (B1, B2) as feature extraction backbones | EfficientNet encoder implementations |
| FR-005 | Support ResNet family encoders (ResNet101) for complex boundary detection tasks | ResNet encoder implementations |
| FR-006 | Retrieve ImageNet normalization parameters (mean, std) for each encoder | smp.encoders.get_preprocessing_params() |
| FR-007 | Expose encoder output channel dimensions for custom classification head dimensioning | model.encoder.out_channels attribute |
| FR-008 | Support configurable number of input channels and output classes | in_channels and classes parameters |
| FR-009 | Allow instantiation without pretrained weights for loading custom-trained weights | encoder_weights=None parameter |
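A sketch of how FR-006, FR-008, and FR-009 are exercised together; the encoder name, class count, and input size are illustrative:

```python
import torch
import segmentation_models_pytorch as smp

# FR-006: ImageNet normalization parameters for a given encoder name.
params = smp.encoders.get_preprocessing_params("efficientnet-b1", pretrained="imagenet")
mean = torch.tensor(params["mean"]).view(1, 3, 1, 1)
std = torch.tensor(params["std"]).view(1, 3, 1, 1)

# FR-008 / FR-009: configurable channels and classes, instantiated without pretrained
# encoder weights so that internally trained weights can be loaded separately.
model = smp.create_model(
    "unet", encoder_name="efficientnet-b1", encoder_weights=None, in_channels=3, classes=4
).eval()

image = torch.rand(1, 3, 512, 512)                  # dummy RGB input scaled to [0, 1]
normalized = (image - mean) / std                   # input standardization before inference
with torch.inference_mode():
    masks = model(normalized)                       # (1, 4, 512, 512) per-class logits
```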
Performance Requirements
The following performance expectations are relevant to the medical device software.
| Requirement ID | Description | Acceptance Criteria |
|---|---|---|
| PR-001 | Model instantiation shall complete within acceptable initialization time | Model creation < 30 seconds on target hardware |
| PR-002 | Segmentation inference shall produce pixel-level masks within API latency bounds | Inference completes within overall request timeout |
| PR-003 | Feature extraction shall maintain numerical precision for downstream processing | Float32 tensor output with standard IEEE 754 precision |
| PR-004 | Memory footprint shall allow concurrent model loading for multi-task pipelines | Models fit within allocated GPU memory per service instance |
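A sketch of how PR-001 and PR-003 could be spot-checked; the architecture, encoder, input size, and threshold mirror the table but are not the device's formal acceptance tests:

```python
import time
import torch
import segmentation_models_pytorch as smp

# PR-001: model instantiation time (threshold taken from the table above).
start = time.perf_counter()
model = smp.create_model("fpn", encoder_name="resnet34", encoder_weights=None, classes=2).eval()
elapsed = time.perf_counter() - start
assert elapsed < 30.0, f"model creation took {elapsed:.1f} s"

# PR-003: outputs are standard float32 tensors.
with torch.inference_mode():
    mask = model(torch.randn(1, 3, 256, 256))
assert mask.dtype == torch.float32
```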
Hardware Requirements
The following hardware dependencies or constraints are imposed by this SOUP component.
| Requirement ID | Description | Notes / Limitations |
|---|---|---|
| HR-001 | CUDA-compatible GPU recommended for efficient inference | CPU inference supported but significantly slower |
| HR-002 | Sufficient GPU memory for encoder-decoder architectures | DeepLabV3Plus + EfficientNet-B2: ~100MB; Unet + ResNet101: ~300MB |
| HR-003 | System memory for model weight loading and tensor storage | Minimum 8GB RAM recommended for model operations |
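The HR-002 figures can be approximated from parameter counts (float32, 4 bytes per parameter). The sketch below estimates weight memory only and ignores activation memory, which depends on input size:

```python
import segmentation_models_pytorch as smp

def weight_megabytes(model) -> float:
    # Weight memory only: parameter count x 4 bytes (float32), converted to MiB.
    return sum(p.numel() for p in model.parameters()) * 4 / 1024**2

small = smp.create_model("deeplabv3plus", encoder_name="efficientnet-b2", encoder_weights=None)
large = smp.create_model("unet", encoder_name="resnet101", encoder_weights=None)
print(f"DeepLabV3Plus + EfficientNet-B2: ~{weight_megabytes(small):.0f} MB")
print(f"Unet + ResNet101: ~{weight_megabytes(large):.0f} MB")
```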
Software Requirements
The following software dependencies and environmental assumptions are required by this SOUP component.
| Requirement ID | Description | Dependency / Version Constraints |
|---|---|---|
| SR-001 | Python runtime environment | Python >=3.9 |
| SR-002 | PyTorch deep learning framework | torch >=2.0.0 (recommend >=2.6.0) |
| SR-003 | torchvision for image transformations | torchvision >=0.15.0 |
| SR-004 | timm library for transformer-based encoders | timm >=1.0.9 (for tu- prefixed encoders) |
| SR-005 | NumPy for array operations | Compatible NumPy version |
Known Anomalies Assessment
This section evaluates publicly reported issues, defects, or security vulnerabilities associated with this SOUP component and their relevance to the medical device software.
| Anomaly Reference | Status | Applicable | Rationale | Reviewed At |
|---|---|---|---|---|
| CVE-2025-32434 (PyTorch torch.load RCE) | Fixed | No | Affects PyTorch <=2.5.1; the device uses version-locked PyTorch dependencies. Model weights are loaded from pre-verified, internally cached sources. Production deployments use PyTorch >=2.6.0 with weights_only=True to mitigate this risk | 2026-01-26 |
| CVE-2025-2953 (PyTorch DoS) | Open | No | Affects torch.mkldnn_max_pool2d function not used by segmentation-models-pytorch architectures or the device's segmentation/classification pipelines | 2026-01-26 |
As of the review date, no security vulnerabilities have been reported in the National Vulnerability Database (NVD) or GitHub Security Advisories specifically for the segmentation-models-pytorch package. This is consistent with the library's architectural role: it primarily provides model architecture definitions and neural network layer compositions rather than implementing low-level data parsing, network communication, or file system operations that typically introduce security vulnerabilities. According to Snyk's security analysis, the package has been scanned and deemed safe to use. The project does not maintain a formal security policy (SECURITY.md), which is common for research-originated open-source projects.
The vulnerabilities documented in the table above are framework-level issues in PyTorch rather than in segmentation-models-pytorch specifically. Because the library depends on PyTorch for all tensor operations and model execution, vulnerabilities in the underlying framework are monitored as part of the overall dependency security assessment.
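A sketch of the mitigation referenced for CVE-2025-32434: weights are read from a pre-verified, internally cached file (the path below is hypothetical) and deserialized with `weights_only=True`, which restricts unpickling to tensors and basic containers and is the default behaviour in PyTorch 2.6 and later:

```python
import torch
import segmentation_models_pytorch as smp

# Model skeleton created without downloading any pretrained weights.
model = smp.create_model(
    "deeplabv3plus", encoder_name="efficientnet-b2", encoder_weights=None, classes=1
)

# Hypothetical cached weight path; weights_only=True avoids arbitrary object unpickling.
state_dict = torch.load("/models/cache/deeplabv3plus_b2.pt", map_location="cpu", weights_only=True)
model.load_state_dict(state_dict)
```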
The device's usage pattern minimizes attack surface exposure:
- No dynamic model loading from external sources: All segmentation and classification models are instantiated via `smp.create_model()` with predefined architecture and encoder names; no arbitrary model configurations are accepted from user input
- Pre-trained weights from verified sources: Model weights are trained internally and cached before deployment; no weights are downloaded at runtime from external sources
- Version locking: Requirements lock files pin segmentation-models-pytorch to version 0.5.0 and PyTorch to verified versions, ensuring reproducible and auditable deployments
- Limited API surface: The device uses only `create_model()` for model instantiation and `encoders.get_preprocessing_params()` for normalization; no experimental or unsafe features are utilized
Risk Control Measures
The following risk control measures are implemented to mitigate potential security and operational risks associated with this SOUP component:
- Version locking via requirements_lock.txt files ensures reproducible deployments
- Model weights are trained internally and cached before deployment
- No runtime model configuration from external inputs
- Underlying PyTorch version maintained at >=2.6.0 to include security fixes
- Limited API surface usage (`create_model()` and `encoders.get_preprocessing_params()` only)
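As an illustration of the version-locking measure, a hedged startup check; the package names are real, but the exact assertions and whether such a check exists in the device code are assumptions:

```python
from importlib.metadata import version
from packaging.version import Version

# Verify the running environment matches the pinned versions documented above.
assert version("segmentation-models-pytorch") == "0.5.0"
assert Version(version("torch")) >= Version("2.6.0")
```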
Assessment Methodology
Known anomalies were identified and assessed using the following methodology:
- Sources consulted:
  - National Vulnerability Database (NVD) search for "segmentation-models-pytorch" and "smp"
  - GitHub Security Advisories for the qubvel-org/segmentation_models.pytorch repository
  - PyPI package security reports
  - Dependency vulnerability scanners (pip-audit, safety)
  - PyTorch framework security advisories (as the primary dependency)
- Criteria for determining applicability:
  - Vulnerability must affect deployed versions (0.4.0+)
  - Vulnerability must be exploitable in the device's operational context
  - Vulnerability must impact the specific smp functions used (`create_model()`, `encoders.get_preprocessing_params()`)
Signature meaning
The signatures for the approval process of this document can be found in the verified commits of the QMS repository. For reference, the team members expected to participate in the approval of this document, and their roles as defined in Annex I Responsibility Matrix of GP-001, are:
- Author: Team members involved
- Reviewer: JD-003, JD-004
- Approver: JD-001