PYSEC-2025-224

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-224.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-224

Aliases

CVE-2025-57106

Published

2025-10-31T15:15:42.317Z

Modified

2026-05-20T09:19:21.712041Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

References

Affected packages

PyPI / vtk

Package

Name: vtk; View open source insights on deps.dev
Purl: pkg:pypi/vtk

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.5.1

Affected versions

8.*

8.1.0

8.1.1

8.1.2

9.*

9.0.0

9.0.1

9.0.2

9.0.3

9.1.0

9.2.2

9.2.4

9.2.5

9.2.6

9.3.0

9.3.1

9.3.20230807rc0

9.4.0

9.4.1

9.4.2

9.5.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-224.yaml"