vtk

PyPI4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting vtkpage 1 of 1

CVE-2021-42521HIGHCVSS 7.5EG 7.5✓ Fixed in 9.0.1
2022-08-25
vulnerable: 8.1.0, 8.1.1, 8.1.2, 9.0.0
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe …
CVE-2025-57106HIGHCVSS 7.5EG 7.5✓ Fixed in 9.5.1
2025-10-31
vulnerable: 8.1.0 ... 9.5.0 (19 versions)
Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.
CVE-2025-57107HIGHCVSS 7.1EG 7.1✓ Fixed in 9.5.1
2025-10-31
vulnerable: 8.1.0 ... 9.5.0 (19 versions)
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buf…
CVE-2025-57108CRITICALCVSS 9.8EG 9.8✓ Fixed in 9.5.1
2025-10-31
vulnerable: 8.1.0 ... 9.5.0 (19 versions)
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying …

Check whether vtk is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for vtk CVEs against the assets you own.

Start Free Scan →