Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2754

Опубликовано: 25 мар. 2025
Источник: redhat
CVSS3: 6.3

Описание

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A flaw was found in the Open Asset Import Library Assimp. The Assimp::AC3DImporter::ConvertObjectSection function of the code/AssetLib/AC/ACLoader.cpp file in the AC3D File Handler component is affected. This attack can be launched remotely, and manipulation of the argument can lead to a heap-based buffer overflow.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9qt5-qt3dFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2354790assimp: Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2754

CVSS3: 6.3
ubuntu
11 месяцев назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-2754

CVSS3: 6.3
nvd
11 месяцев назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

debian логотип

CVE-2025-2754

CVSS3: 6.3
debian
11 месяцев назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...

github логотип

GHSA-gvgr-wxrg-3hr3

CVSS3: 6.3
github
11 месяцев назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

6.3 Medium

CVSS3