PYSEC-2025-225

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-225.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-225

Aliases

CVE-2025-57107

Published

2025-10-31T15:15:42.443Z

Modified

2026-05-20T09:19:21.958170Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

References

https://gitlab.kitware.com/vtk/vtk/-/issues/19732

Affected packages

PyPI / vtk

Package

Name: vtk; View open source insights on deps.dev
Purl: pkg:pypi/vtk

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.5.1

Affected versions

8.*

8.1.0

8.1.1

8.1.2

9.*

9.0.0

9.0.1

9.0.2

9.0.3

9.1.0

9.2.2

9.2.4

9.2.5

9.2.6

9.3.0

9.3.1

9.3.20230807rc0

9.4.0

9.4.1

9.4.2

9.5.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-225.yaml"