Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/vtk@9.5.1

Type pypi

Namespace

Name vtk

Version 9.5.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.5.1

Latest_non_vulnerable_version 9.5.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-c5b6-p1ee-6fgz

vulnerability_id VCID-c5b6-p1ee-6fgz

summary Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

references

reference_url

https://gitlab.kitware.com/vtk/vtk/-/issues/19733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://gitlab.kitware.com/vtk/vtk/-/issues/19733

reference_url

https://gitlab.kitware.com/vtk/vtk/-/issues/19734

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://gitlab.kitware.com/vtk/vtk/-/issues/19734

fixed_packages

url	pkg:pypi/vtk@9.5.1
purl	pkg:pypi/vtk@9.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1

aliases CVE-2025-57106, PYSEC-2025-224

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5b6-p1ee-6fgz

url VCID-dayh-vxpr-n7h7

vulnerability_id VCID-dayh-vxpr-n7h7

summary Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

references

reference_url

https://gitlab.kitware.com/vtk/vtk/-/issues/19736

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://gitlab.kitware.com/vtk/vtk/-/issues/19736

fixed_packages

url	pkg:pypi/vtk@9.5.1
purl	pkg:pypi/vtk@9.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1

aliases CVE-2025-57108, PYSEC-2025-226

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dayh-vxpr-n7h7

url VCID-tnex-thhe-bfba

vulnerability_id VCID-tnex-thhe-bfba

summary Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

references

reference_url

https://gitlab.kitware.com/vtk/vtk/-/issues/19732

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

url

https://gitlab.kitware.com/vtk/vtk/-/issues/19732

fixed_packages

url	pkg:pypi/vtk@9.5.1
purl	pkg:pypi/vtk@9.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1

aliases CVE-2025-57107, PYSEC-2025-225

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnex-thhe-bfba

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1

Package Instance