← Back
2025-10-31 0:0CVE-2025-57107mitre
PUBLISHED5.2

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

Affected products

n/a - AFFECTED

References

gitlab.kitware.com

https://gitlab.kitware.com/vtk/vtk/-/issues/19732

GitHub Security Advisories

GHSA-6hj2-fxwr-rvj5

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability...

https://github.com/advisories/GHSA-6hj2-fxwr-rvj5

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-57107

gitlab.kitware.com

https://gitlab.kitware.com/vtk/vtk/-/issues/19732

github.com

https://github.com/advisories/GHSA-6hj2-fxwr-rvj5

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-57107",
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "dateUpdated": "2025-10-31T18:06:36.870Z",
    "dateReserved": "2025-08-17T00:00:00.000Z",
    "datePublished": "2025-10-31T00:00:00.000Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre",
        "dateUpdated": "2025-10-31T14:54:36.361Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations."
        }
      ],
      "affected": [
        {
          "vendor": "n/a",
          "product": "n/a",
          "versions": [
            {
              "version": "n/a",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "n/a",
              "type": "text"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19732"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-10-31T18:06:36.870Z"
        },
        "title": "CISA ADP Vulnrichment",
        "problemTypes": [
          {
            "descriptions": [
              {
                "lang": "en",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "cweId": "CWE-122",
                "type": "CWE"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "version": "3.1",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
              "attackVector": "LOCAL",
              "attackComplexity": "LOW",
              "privilegesRequired": "NONE",
              "userInteraction": "REQUIRED",
              "scope": "UNCHANGED",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH"
            }
          },
          {}
        ]
      }
    ]
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-57107