Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2756

Опубликовано: 25 мар. 2025
Источник: redhat
CVSS3: 6.3

Описание

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A flaw was found in the Open Asset Import Library Assimp. This affects the Assimp::AC3DImporter::ConvertObjectSection function of the code/AssetLib/AC/ACLoader.cpp file in the AC3D File Handler component. The manipulation of the tmp argument can lead to a heap-based buffer overflow. It is possible to initiate the attack remotely.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9qt5-qt3dFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2354802assimp: Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2756

CVSS3: 6.3
ubuntu
6 месяцев назад

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-2756

CVSS3: 6.3
nvd
6 месяцев назад

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

debian логотип

CVE-2025-2756

CVSS3: 6.3
debian
6 месяцев назад

A vulnerability classified as critical has been found in Open Asset Im ...

github логотип

GHSA-cvwm-xr4j-jf5j

CVSS3: 6.3
github
6 месяцев назад

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

6.3 Medium

CVSS3