CVE-2025-57107

HIGH7.1EPSS 0.02%

Published: 10/31/2025Modified: 5/20/2026

Description

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

Affected packages (2)

Debian/vtk9from 0
PyPI/vtkfrom 0, < 9.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References (2)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-57107
REPORThttps://gitlab.kitware.com/vtk/vtk/-/issues/19732