ALT-PU-2026-4353-6

Update of package vtk in branch p11

Version: 9.5.2-alt2
Task: #409890
Published: 2026-05-06
Max. severity: CRITICAL

Fixed issues (3)

CVE-2025-57106
HIGH 7.5

Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.

Published: 2025-10-31
Modified: 2025-11-05
CVSS 3.x: HIGH 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-57107
HIGH 7.1

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.

Published: 2025-10-31
Modified: 2025-11-05
CVSS 3.x: HIGH 7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2025-57108
CRITICAL 9.8

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

Published: 2025-10-31
Modified: 2025-11-05
CVSS 3.x: CRITICAL 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H