CVE-2025-57106

Published: Oct 31, 2025Modified: Nov 5, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

Affected (1)

Products: Vtk: Vtk

Vtk

1 product

Vtk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vtk Vtk	Up to 9.5.0

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (2)

https://gitlab.kitware.com/vtk/vtk/-/issues/19733

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://gitlab.kitware.com/vtk/vtk/-/issues/19734

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.