CVE-2025-57106
- EPSS 0.07%
- Veröffentlicht 31.10.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 19:44:07
Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.
CVE-2025-57107
- EPSS 0.02%
- Veröffentlicht 31.10.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 19:42:17
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundar...
CVE-2025-57108
- EPSS 0.07%
- Veröffentlicht 31.10.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 19:37:49
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has ...
CVE-2021-42521
- EPSS 0.09%
- Veröffentlicht 25.08.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 06:27:43
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the retu...