CVE-2025-57108

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-57108

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-57108.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-57108

Downstream

DEBIAN-CVE-2025-57108

UBUNTU-CVE-2025-57108

Published

2025-10-31T15:15:42Z

Modified

2025-11-02T04:20:28.306695Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

References

https://gitlab.kitware.com/vtk/vtk/-/issues/19736

Affected packages

Git / gitlab.kitware.com/vtk/vtk

Affected ranges

Type: GIT
Repo: https://gitlab.kitware.com/vtk/vtk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e70c856bd9122ad759921c61d86a153e0311e20d

Affected versions

v1.*

v1.1.x

v1.2.x

v1.3.x

v2.*

v2.0.x

v2.1.x

v2.2.x

v2.3.x

v2.4.0

v3.*

v3.1.1

v3.1.2

v3.2.0

v4.*

v4.0.2

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.4.0

v4.4.1

v4.4.2

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.10.0

v5.10.0-rc1

v5.10.0-rc2

v5.10.0-rc3

v5.10.0-rc4

v5.10.1

v5.2.0

v5.2.1

v5.4.0

v5.4.2

v5.6.0

v5.6.1

v5.8.0

v6.*

v6.0.0

v6.0.0.rc1

v6.0.0.rc2

v6.0.0.rc3

v6.1.0

v6.1.0.rc1

v6.1.0.rc2

v6.2.0

v6.2.0.rc1

v6.3.0

v6.3.0-rc1

v6.3.0.rc1

v6.3.0.rc2

v7.*

v7.0.0

v7.0.0.rc1

v7.0.0.rc2

v7.1.0

v7.1.0.rc1

v7.1.0.rc2

v7.1.1

v8.*

v8.0.0

v8.0.0.rc1

v8.0.0.rc2

v8.0.1

v8.1.0

v8.1.0.rc1

v8.1.0.rc2

v8.1.0.rc3

v8.1.1

v8.1.2

v8.2.0

v8.2.0.rc1

v8.2.0.rc2

v9.*

v9.0.0

v9.0.0.rc1

v9.0.0.rc2

v9.0.0.rc3

v9.0.1

v9.0.2

v9.0.3

v9.1.0

v9.1.0.rc1

v9.1.0.rc2

v9.1.0.rc3

v9.1.0.rc4

v9.2.0

v9.2.0.rc1

v9.2.0.rc2

v9.2.1

v9.2.2

v9.2.3

v9.2.4

v9.2.5

v9.2.6

v9.3.0

v9.3.0.rc0

v9.3.0.rc1

v9.3.0.rc2

v9.3.1

v9.4.0

v9.4.0.rc1

v9.4.0.rc2

v9.4.0.rc3

v9.4.1

v9.4.2

v9.5.0

v9.5.0.rc0

v9.5.0.rc1

v9.5.0.rc2

v9.5.0.rc3