CVE-2025-57106

HIGH7.5EPSS 0.08%

Published: 10/31/2025Modified: 5/20/2026

Description

Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

Affected packages (2)

Debian/vtk9from 0
PyPI/vtkfrom 0, < 9.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (3)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-57106
REPORThttps://gitlab.kitware.com/vtk/vtk/-/issues/19733
REPORThttps://gitlab.kitware.com/vtk/vtk/-/issues/19734