Kitware VTK
cpe:2.3:a:vtk:vtk:*:*:*:*:*:*:*
- <= 9.5.0
A heap use-after-free vulnerability has been identified in Kitware VTK (Visualization Toolkit) versions through 9.5.0. The issue arises in the GLTF document loader during mesh object copy operations. Vector members are accessed after the associated memory has been freed, particularly when GLTF files contain corrupted or invalid mesh reference structures. This vulnerability was discovered through fuzzing with libFuzzer, using AddressSanitizer, and can potentially lead to application crashes or arbitrary code execution.
Triggering this vulnerability produces a heap use-after-free, which can lead to memory corruption. This class of vulnerability often allows arbitrary code execution through manipulation of heap memory.
To reproduce this vulnerability, build VTK with AddressSanitizer enabled. Then load the provided GLTF file, 'crash-input-75.gltf', with 'vtkGLTFImporter'. AddressSanitizer reports a heap use-after-free error, indicating that freed memory was accessed, which is consistent with the vulnerability's description.
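A pre-load filter that rejects glTF JSON whose index references do not resolve, for use in front of an affected loader. This is an added example, not VTK code and not from the original report; the page does not say which malformed mesh reference triggers the bug, so the check covers the index references defined by glTF 2.0 (an assumption about what "invalid" means here), and the names `find_bad_references`, `GOOD` and `BAD` are hypothetical.

```python
import json

# glTF 2.0 index references checked here: (owner array, property, target array)
SIMPLE_REFS = [("nodes", "mesh", "meshes"),
               ("accessors", "bufferView", "bufferViews"),
               ("bufferViews", "buffer", "buffers")]

def _bad_index(value, limit):
    # bool is an int subclass in Python, so exclude it explicitly
    return isinstance(value, bool) or not isinstance(value, int) or not 0 <= value < limit

def _array(doc, key):
    arr = doc.get(key, [])
    return arr if isinstance(arr, list) else []

def find_bad_references(gltf_text):
    """Return a list of problems; an empty list means every checked index resolves."""
    try:
        doc = json.loads(gltf_text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    for owner, prop, target in SIMPLE_REFS:
        limit = len(_array(doc, target))
        for i, obj in enumerate(_array(doc, owner)):
            if isinstance(obj, dict) and prop in obj and _bad_index(obj[prop], limit):
                problems.append(f"{owner}[{i}].{prop}={obj[prop]!r} outside {target}")
    n_acc = len(_array(doc, "accessors"))
    for m, mesh in enumerate(_array(doc, "meshes")):
        prims = mesh.get("primitives") if isinstance(mesh, dict) else None
        if not isinstance(prims, list) or not prims:
            problems.append(f"meshes[{m}] has no primitives")
            continue
        for p, prim in enumerate(prims):
            attrs = prim.get("attributes") if isinstance(prim, dict) else None
            if not isinstance(attrs, dict):
                problems.append(f"meshes[{m}].primitives[{p}] lacks an attributes object")
                continue
            refs = list(attrs.items())
            if "indices" in prim:
                refs.append(("indices", prim["indices"]))
            for name, idx in refs:
                if _bad_index(idx, n_acc):
                    problems.append(f"meshes[{m}].primitives[{p}].{name}={idx!r} outside accessors")
    return problems

# Constructed sample documents (not the page's crash-input-75.gltf)
GOOD = '{"nodes":[{"mesh":0}],"buffers":[{"byteLength":36}],"bufferViews":[{"buffer":0,"byteLength":36}],"accessors":[{"bufferView":0,"componentType":5126,"count":3,"type":"VEC3"}],"meshes":[{"primitives":[{"attributes":{"POSITION":0}}]}]}'
BAD = '{"nodes":[{"mesh":7}],"accessors":[],"meshes":[{"primitives":[{"attributes":{"POSITION":3},"indices":-1}]}]}'
```

A file that passes this check can still be malformed in other ways, so the filter narrows the input surface rather than establishing that a file is safe to load.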