https://harpi.cc/tags/vtk/Recent content in Vtk on harpi - Security ResearcherHugoen-usMon, 06 Apr 2026 16:17:15 +0300https://harpi.cc/blog/cves/vtk-gltf/Thu, 30 Oct 2025 00:00:00 +0000https://harpi.cc/blog/cves/vtk-gltf/<blockquote> <p><em>&ldquo;The future is already here — it&rsquo;s just not evenly distributed.&rdquo;</em> — William Gibson</p></blockquote> <h2 id="how-i-got-here">How I Got Here</h2> <p>In mid-2025 I scoped out an engagement for <a href="https://www.radicallyopensecurity.com/">Radically Open Security</a> targeting <a href="https://f3d.app/">F3D</a> — a fast, minimalist 3D viewer that supports dozens of file formats — and its library counterpart, <code>libf3d</code>. The proposal focused on three attack surfaces:</p> <blockquote> <p>Code audit and pentesting of <code>f3d</code> and <code>libf3d</code>.</p> <p>Our primary target is the <code>libf3d</code> since its API is used by third-party projects and security issues are more critical.</p>