Kitware VTK Heap Buffer Overflow Vulnerability in GLTF Document Loader

Vulnerability

A heap buffer overflow vulnerability has been identified in Kitware VTK (Visualization Toolkit) versions through 9.5.0. The issue arises in the GLTF document loader, specifically within the copy constructor of Accessor objects. When the loader processes specially crafted GLTF files, it fails to properly validate buffer boundaries, which allows out-of-bounds memory reads.
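The buffer boundaries a GLTF loader has to validate can also be checked before a file reaches the importer. The Python pre-load check below is an added example, not VTK code and not the VTK fix: it applies the accessor, bufferView and buffer size rules from the glTF 2.0 specification to the JSON document, and the function names and the sample document are constructed for illustration.

```python
import json

# Element sizes from the glTF 2.0 specification.
COMPONENT_BYTES = {5120: 1, 5121: 1, 5122: 2, 5123: 2, 5125: 4, 5126: 4}
TYPE_COUNT = {"SCALAR": 1, "VEC2": 2, "VEC3": 3, "VEC4": 4, "MAT2": 4, "MAT3": 9, "MAT4": 16}

def _uint(obj, key, default=None, lo=0):
    """Return obj[key] (or default) as an int >= lo, else raise ValueError."""
    v = obj.get(key, default)
    if isinstance(v, bool) or not isinstance(v, int) or v < lo:
        raise ValueError(f"{key} must be an integer >= {lo}, got {v!r}")
    return v

def _at(seq, idx, what):
    # Return seq[idx] only if it is an existing JSON object.
    if not isinstance(seq, list) or idx >= len(seq) or not isinstance(seq[idx], dict):
        raise ValueError(f"{what} {idx} does not exist")
    return seq[idx]

def check_accessors(gltf_text):
    """Return [(accessor_index, reason)] for accessors that fail bounds checks."""
    doc, findings = json.loads(gltf_text), []
    for i, acc in enumerate(doc.get("accessors", [])):
        try:
            if "bufferView" not in acc:
                continue  # no backing view (zero-filled or sparse); not checked here
            view = _at(doc.get("bufferViews"), _uint(acc, "bufferView"), "bufferView")
            buf = _at(doc.get("buffers"), _uint(view, "buffer"), "buffer")
            ctype, atype = acc.get("componentType"), acc.get("type")
            if ctype not in COMPONENT_BYTES or atype not in TYPE_COUNT:
                raise ValueError(f"unknown componentType/type {ctype!r}/{atype!r}")
            elem = COMPONENT_BYTES[ctype] * TYPE_COUNT[atype]  # tight size; matrix padding ignored
            stride = _uint(view, "byteStride", 0) or elem
            need = _uint(acc, "byteOffset", 0) + stride * (_uint(acc, "count", lo=1) - 1) + elem
            if need > _uint(view, "byteLength"):
                raise ValueError(f"needs {need} bytes, bufferView has {view['byteLength']}")
            if _uint(view, "byteOffset", 0) + view["byteLength"] > _uint(buf, "byteLength"):
                raise ValueError("bufferView extends past end of buffer")
        except (ValueError, TypeError) as exc:
            findings.append((i, str(exc)))
    return findings

# Constructed sample: accessor 0 fits the 36-byte view, accessor 1 claims 100 VEC3 floats.
SAMPLE = json.dumps({"buffers": [{"byteLength": 36}],
    "bufferViews": [{"buffer": 0, "byteLength": 36}],
    "accessors": [{"bufferView": 0, "componentType": 5126, "type": "VEC3", "count": n}
                  for n in (3, 100)]})

if __name__ == "__main__":
    print(check_accessors(SAMPLE))
```

The check compares declared sizes only; it does not compare a buffer's declared byteLength against the binary payload actually supplied.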

Impact

Exploitation of this vulnerability leads to a heap buffer overflow, causing a crash and application denial-of-service. Additionally, the out-of-bounds reads could potentially disclose sensitive information.

Reproduction

The vulnerability can be reproduced by building VTK with AddressSanitizer enabled, loading the crafted GLTF files using vtkGLTFImporter, and observing the resulting heap buffer overflow crash.

Added: Oct 31, 2025, 3:24 PM
Updated: Oct 31, 2025, 7:30 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 3.8
exploitability: 6.0
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.