{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37139?format=json","vulnerability_id":"VCID-dayh-vxpr-n7h7","summary":"Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.","aliases":[{"alias":"CVE-2025-57108"},{"alias":"PYSEC-2025-226"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46430?format=json","purl":"pkg:pypi/vtk@9.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28909?format=json","purl":"pkg:pypi/vtk@8.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-qp5d-yddh-67a4"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@8.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28910?format=json","purl":"pkg:pypi/vtk@8.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-qp5d-yddh-67a4"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@8.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/28911?format=json","purl":"pkg:pypi/vtk@8.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-qp5d-yddh-67a4"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@8.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/28912?format=json","purl":"pkg:pypi/vtk@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-qp5d-yddh-67a4"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28913?format=json","purl":"pkg:pypi/vtk@9.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/46416?format=json","purl":"pkg:pypi/vtk@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/46417?format=json","purl":"pkg:pypi/vtk@9.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/46418?format=json","purl":"pkg:pypi/vtk@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/46419?format=json","purl":"pkg:pypi/vtk@9.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/46420?format=json","purl":"pkg:pypi/vtk@9.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/46421?format=json","purl":"pkg:pypi/vtk@9.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/46422?format=json","purl":"pkg:pypi/vtk@9.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/46423?format=json","purl":"pkg:pypi/vtk@9.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/46424?format=json","purl":"pkg:pypi/vtk@9.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/46425?format=json","purl":"pkg:pypi/vtk@9.3.20230807rc0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.3.20230807rc0"},{"url":"http://public2.vulnerablecode.io/api/packages/46426?format=json","purl":"pkg:pypi/vtk@9.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/46427?format=json","purl":"pkg:pypi/vtk@9.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/46428?format=json","purl":"pkg:pypi/vtk@9.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/46429?format=json","purl":"pkg:pypi/vtk@9.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c5b6-p1ee-6fgz"},{"vulnerability":"VCID-dayh-vxpr-n7h7"},{"vulnerability":"VCID-tnex-thhe-bfba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.0"}],"references":[{"reference_url":"https://gitlab.kitware.com/vtk/vtk/-/issues/19736","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://gitlab.kitware.com/vtk/vtk/-/issues/19736"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dayh-vxpr-n7h7"}