UBUNTU-CVE-2025-57108

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-57108

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-57108.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-57108

Upstream

CVE-2025-57108

Published

2025-10-31T00:00:00Z

Modified

2025-11-04T05:28:38Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

References

Affected packages

Ubuntu:Pro:14.04:LTS / vtk

Package

Name: vtk
Purl: pkg:deb/ubuntu/vtk@5.8.0-14.1ubuntu3+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.8.0-14ubuntu1

5.8.0-14ubuntu3

5.8.0-14.1ubuntu2

5.8.0-14.1ubuntu3

5.8.0-14.1ubuntu3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvtk-java",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5-dev",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5-qt4-dev",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5.8",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "libvtk5.8-qt4",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "python-vtk",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "tcl-vtk",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        },
        {
            "binary_name": "vtk-examples",
            "binary_version": "5.8.0-14.1ubuntu3+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / vtk

Package

Name: vtk
Purl: pkg:deb/ubuntu/vtk@5.10.1+dfsg-2.1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.10.1+dfsg-2

5.10.1+dfsg-2build3

5.10.1+dfsg-2.1build1

5.10.1+dfsg-2.1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvtk-java",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5-dev",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5-qt4-dev",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5.10",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libvtk5.10-qt4",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python-vtk",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "tcl-vtk",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        },
        {
            "binary_name": "vtk-examples",
            "binary_version": "5.10.1+dfsg-2.1ubuntu0.1~esm1"
        }
    ]
}