DEBIAN-CVE-2025-57108
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-57108
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-57108.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-57108
- Upstream
- Published
- 2025-10-31T15:15:42Z
- Modified
- 2025-11-01T09:16:31.950134Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
- References
Affected packages
Debian:11 / vtk9
Package
- Name
- vtk9
- Purl
- pkg:deb/debian/vtk9?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.1+dfsg1-8
9.0.3+dfsg1-1
9.0.3+dfsg1-2
9.0.3+dfsg1-2.1
9.0.3+dfsg1-2.1+hurd.1
9.0.3+dfsg1-2.1+hurd.2
9.0.3+dfsg1-3
9.1.0+dfsg1-1
9.1.0+dfsg2-1
9.1.0+dfsg2-2
9.1.0+really9.0.3+dfsg1-3
9.1.0+really9.0.3+dfsg1-4
9.1.0+really9.0.3+dfsg1-4+hurd.1
9.1.0+really9.1.0+dfsg2-3~exp1
9.1.0+really9.1.0+dfsg2-3~exp2
9.1.0+really9.1.0+dfsg2-3
9.1.0+really9.1.0+dfsg2-4
9.1.0+really9.1.0+dfsg2-5
9.1.0+really9.1.0+dfsg2-6
9.1.0+really9.1.0+dfsg2-7
9.1.0+really9.1.0+dfsg2-7.1
9.1.0+really9.1.0+dfsg2-8
9.2.6+dfsg1-1+exp1
9.2.6+dfsg1-1+exp2
9.3.0+dfsg1-1~exp1
9.3.0+dfsg1-1~exp2
9.3.0+dfsg1-1~exp3
9.3.0+dfsg1-1~exp4
9.3.0+dfsg1-1
9.3.0+dfsg1-1.1
9.3.0+dfsg1-2
9.3.0+dfsg1-3
9.3.0+dfsg1-3+hurd.1
9.3.0+dfsg1-4
9.3.0+dfsg1-4+m68k
9.3.0+dfsg1-4.1+hurd.1
9.3.0+dfsg1-5
9.3.0+dfsg1-6
9.3.0+dfsg1-7
9.5.2+dfsg1-1~exp1
9.5.2+dfsg2-1~exp1
9.5.2+dfsg2-1~exp2
9.5.2+dfsg2-1~exp3
9.5.2+dfsg2-1~exp4
9.5.2+dfsg2-1
9.5.2+dfsg2-2
9.5.2+dfsg2-3
9.5.2+dfsg2-4
Debian:12 / vtk9
Package
- Name
- vtk9
- Purl
- pkg:deb/debian/vtk9?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.1.0+really9.1.0+dfsg2-5
9.1.0+really9.1.0+dfsg2-5+deb12u1
9.1.0+really9.1.0+dfsg2-6
9.1.0+really9.1.0+dfsg2-7
9.1.0+really9.1.0+dfsg2-7.1
9.1.0+really9.1.0+dfsg2-8
9.2.6+dfsg1-1+exp1
9.2.6+dfsg1-1+exp2
9.3.0+dfsg1-1~exp1
9.3.0+dfsg1-1~exp2
9.3.0+dfsg1-1~exp3
9.3.0+dfsg1-1~exp4
9.3.0+dfsg1-1
9.3.0+dfsg1-1.1
9.3.0+dfsg1-2
9.3.0+dfsg1-3
9.3.0+dfsg1-3+hurd.1
9.3.0+dfsg1-4
9.3.0+dfsg1-4+m68k
9.3.0+dfsg1-4.1+hurd.1
9.3.0+dfsg1-5
9.3.0+dfsg1-6
9.3.0+dfsg1-7
9.5.2+dfsg1-1~exp1
9.5.2+dfsg2-1~exp1
9.5.2+dfsg2-1~exp2
9.5.2+dfsg2-1~exp3
9.5.2+dfsg2-1~exp4
9.5.2+dfsg2-1
9.5.2+dfsg2-2
9.5.2+dfsg2-3
9.5.2+dfsg2-4
Debian:13 / vtk9
Package
- Name
- vtk9
- Purl
- pkg:deb/debian/vtk9?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / vtk9
Package
- Name
- vtk9
- Purl
- pkg:deb/debian/vtk9?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected