Search for packages
| purl | pkg:pypi/vtk@9.4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-c5b6-p1ee-6fgz
Aliases: CVE-2025-57106 PYSEC-2025-224 |
Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data. |
Affected by 0 other vulnerabilities. |
|
VCID-dayh-vxpr-n7h7
Aliases: CVE-2025-57108 PYSEC-2025-226 |
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures. |
Affected by 0 other vulnerabilities. |
|
VCID-tnex-thhe-bfba
Aliases: CVE-2025-57107 PYSEC-2025-225 |
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:23:23.916704+00:00 | Pypa Importer | Affected by | VCID-dayh-vxpr-n7h7 | https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-226.yaml | 38.6.0 |
| 2026-06-02T04:23:23.820753+00:00 | Pypa Importer | Affected by | VCID-tnex-thhe-bfba | https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-225.yaml | 38.6.0 |
| 2026-06-02T04:23:23.717333+00:00 | Pypa Importer | Affected by | VCID-c5b6-p1ee-6fgz | https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-224.yaml | 38.6.0 |