Advisory ROSA-SA-2026-3211

software: vtk 9.0.1 OS: ROSA-CHROME unaffected versions = vtk-9.0.1.1-6 affected versions vtk-9.0.1.1-6 CVE-ID: CVE-2025-57106 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow in Kitware VTK before 9.5.0 in the vtkGLTFDocumentLoader component. The vulnerability occurs in the...

CVE-2025-57108

Kitware VTK Visualization Toolkit through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files...

CVE-2025-57108

Kitware VTK (Visualization Toolkit) up to version 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The flaw occurs during mesh object copy operations when GLTF files contain corrupted or invalid mesh reference structures, causing vector members to be accessed after the...

PT-2025-44637

Name of the Vulnerable Software and Affected Versions Kitware VTK Visualization Toolkit versions through 9.5.0 Description The software contains a heap use-after-free issue in vtkGLTFDocumentLoader. This occurs during mesh object copy operations, where vector members are accessed after the memory...

Linux Distros Unpatched Vulnerability : CVE-2025-57107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitware VTK Visualization Toolkit through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF...