CVE-2025-57106

Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

References

Affected packages

Git / gitlab.kitware.com/vtk/vtk

Affected ranges

Type

GIT

Repo

https://gitlab.kitware.com/vtk/vtk

Events

Introduced

Last affected

e70c856bd9122ad759921c61d86a153e0311e20d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.5.0"
        }
    ]
}

Affected versions

v1.*

v1.1.x

v1.2.x

v1.3.x

v2.*

v2.0.x

v2.1.x

v2.2.x

v2.3.x

v2.4.0

v3.*

v3.1.1

v3.1.2

v3.2.0

v4.*

v4.0.2

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.4.0

v4.4.1

v4.4.2

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.10.0

v5.10.0-rc1

v5.10.0-rc2

v5.10.0-rc3

v5.10.0-rc4

v5.10.1

v5.2.0

v5.2.1

v5.4.0

v5.4.2

v5.6.0

v5.6.1

v5.8.0

v6.*

v6.0.0

v6.0.0.rc1

v6.0.0.rc2

v6.0.0.rc3

v6.1.0

v6.1.0.rc1

v6.1.0.rc2

v6.2.0

v6.2.0.rc1

v6.3.0

v6.3.0-rc1

v6.3.0.rc1

v6.3.0.rc2

v7.*

v7.0.0

v7.0.0.rc1

v7.0.0.rc2

v7.1.0

v7.1.0.rc1

v7.1.0.rc2

v7.1.1

v8.*

v8.0.0

v8.0.0.rc1

v8.0.0.rc2

v8.0.1

v8.1.0

v8.1.0.rc1

v8.1.0.rc2

v8.1.0.rc3

v8.1.1

v8.1.2

v8.2.0

v8.2.0.rc1

v8.2.0.rc2

v9.*

v9.0.0

v9.0.0.rc1

v9.0.0.rc2

v9.0.0.rc3

v9.0.1

v9.0.2

v9.0.3

v9.1.0

v9.1.0.rc1

v9.1.0.rc2

v9.1.0.rc3

v9.1.0.rc4

v9.2.0

v9.2.0.rc1

v9.2.0.rc2

v9.2.1

v9.2.2

v9.2.3

v9.2.4

v9.2.5

v9.2.6

v9.3.0

v9.3.0.rc0

v9.3.0.rc1

v9.3.0.rc2

v9.3.1

v9.4.0

v9.4.0.rc1

v9.4.0.rc2

v9.4.0.rc3

v9.4.1

v9.4.2

v9.5.0

v9.5.0.rc0

v9.5.0.rc1

v9.5.0.rc2

v9.5.0.rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57106.json"