Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2592

Опубликовано: 21 мар. 2025
Источник: redhat
CVSS3: 6.3

Описание

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.

A flaw was found in the Open Asset Import Library (assimp). In affected versions, a heap-based buffer overflow condition can be triggered when processing a malformed CSM file. This may lead to an application crash or other undefined behavior.

Отчет

No Red Hat products ship affected versions of Open Asset Import Library.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9qt5-qt3dNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2354071assimp: Open Asset Import Library Assimp CSMLoader.cpp InternReadFile heap-based overflow

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2592

CVSS3: 6.3
ubuntu
6 месяцев назад

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.

nvd логотип

CVE-2025-2592

CVSS3: 6.3
nvd
6 месяцев назад

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.

debian логотип

CVE-2025-2592

CVSS3: 6.3
debian
6 месяцев назад

A vulnerability, which was classified as critical, has been found in O ...

suse-cvrf логотип

openSUSE-SU-2025:0117-1

suse-cvrf
5 месяцев назад

Security update for doomsday

github логотип

GHSA-gq4x-2qp9-2gvw

CVSS3: 6.3
github
6 месяцев назад

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.

6.3 Medium

CVSS3