UBUNTU-CVE-2025-57107

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-57107

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-57107.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-57107

Upstream

CVE-2025-57107

Published

2025-10-31T00:00:00Z

Modified

2025-11-04T05:28:38Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

References

Affected packages

Ubuntu:Pro:14.04:LTS / vtk

Package

Name: vtk
Purl: pkg:deb/ubuntu/vtk@5.8.0-14.1ubuntu3+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.8.0-14ubuntu1

5.8.0-14ubuntu3

5.8.0-14.1ubuntu2

5.8.0-14.1ubuntu3

5.8.0-14.1ubuntu3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvtk-java",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5-dev",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5-qt4-dev",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5.8",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5.8-qt4",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "python-vtk",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "tcl-vtk",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "vtk-examples",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / vtk

Package

Name: vtk
Purl: pkg:deb/ubuntu/vtk@5.10.1+dfsg-2.1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.10.1+dfsg-2

5.10.1+dfsg-2build3

5.10.1+dfsg-2.1build1

5.10.1+dfsg-2.1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvtk-java",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5-dev",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5-qt4-dev",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5.10",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5.10-qt4",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python-vtk",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "tcl-vtk",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "vtk-examples",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        }
    ]
}