## Summary

**Title:** Heap Buffer Overflow #1 in vtkGLTFDocumentLoader::BufferDataExtractionWorker

**Description:** A heap buffer overflow vulnerability exists in the VTK GLTF document loader that allows reading 4 bytes beyond allocated buffer boundaries during GLTF file processing.

## Vulnerability Details

- Component: vtkGLTFDocumentLoader.cxx
- Function: BufferDataExtractionWorker::operator()
- Line: 392 (in std::copy operation)
- Type: Heap buffer overflow (read)

## Affected Versions

- Tested on: VTK commit 527800fd
- Affects: All VTK versions up to 9.5.0

## Root Cause Analysis

The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data. The issue is in the buffer bounds checking logic: the loop condition does not properly validate that remains within the buffer boundaries before the operation. This allows reading beyond the allocated buffer when:

1. Malformed GLTF files provide inconsistent buffer size metadata
2. The calculated buffer access extends beyond actual buffer allocation

## Activity

Harry Pantazis @harrypantazis, 3 months ago:
- Attached heap-buffer-overflow-1.zip

Mathieu Westphal (Kitware) @mwestphal, 3 months ago:
- Confirmed using vtkGLTFImporter

Mathieu Westphal (Kitware) added label 3 months ago

Murat Toprak mentioned in merge request !12375 2 months ago
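The root cause above is a copy loop driven by accessor metadata (offset, stride, count, element size) that is trusted without checking it against the real buffer allocation. The following is an added example, not VTK's code and not from the report: a hypothetical `AccessorView` struct and extraction routine that validate the full byte span with overflow-safe arithmetic before any `std::copy` runs, so a file whose metadata claims one element too many is rejected instead of over-read.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <limits>
#include <vector>

// Hypothetical accessor metadata, modelled on the glTF accessor/bufferView
// fields. Constructed for this example; field names are assumptions.
struct AccessorView {
    std::size_t byteOffset;   // offset of the first element within the buffer
    std::size_t byteStride;   // distance between consecutive elements (0 = tightly packed)
    std::size_t count;        // number of elements the accessor claims to hold
    std::size_t elementSize;  // bytes per element (component size * component count)
};

// Returns true only if every element the accessor describes lies fully inside
// bufferSize. Arithmetic is overflow-safe so a huge count cannot wrap to a
// small total and slip past the check.
bool AccessorFitsInBuffer(const AccessorView& a, std::size_t bufferSize) {
    if (a.elementSize == 0) return false;
    if (a.count == 0) return a.byteOffset <= bufferSize;
    const std::size_t stride = a.byteStride == 0 ? a.elementSize : a.byteStride;
    if (stride < a.elementSize) return false;  // elements would overlap
    const std::size_t maxSz = std::numeric_limits<std::size_t>::max();
    // Last element starts at byteOffset + (count-1)*stride and ends elementSize later.
    if (a.count - 1 > (maxSz - a.elementSize) / stride) return false;
    const std::size_t span = (a.count - 1) * stride + a.elementSize;
    if (a.byteOffset > maxSz - span) return false;
    return a.byteOffset + span <= bufferSize;
}

// Copies the accessor's elements into out, element by element, and refuses to
// touch the buffer at all when the metadata does not fit the allocation.
bool ExtractAccessorData(const std::vector<std::uint8_t>& buffer,
                         const AccessorView& a,
                         std::vector<std::uint8_t>& out) {
    if (!AccessorFitsInBuffer(a, buffer.size())) return false;
    const std::size_t stride = a.byteStride == 0 ? a.elementSize : a.byteStride;
    out.clear();
    out.reserve(a.count * a.elementSize);
    for (std::size_t i = 0; i < a.count; ++i) {
        const std::uint8_t* src = buffer.data() + a.byteOffset + i * stride;
        std::copy(src, src + a.elementSize, std::back_inserter(out));
    }
    return true;
}
```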