Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-3158

Опубликовано: 03 апр. 2025
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

A flaw has been found in the Open Asset Import Library (assimp). In affected versions, a malformed LWO file may trigger a heap-based buffer overflow, which may lead to an application crash or other undefined behavior.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2357196assimp: Open Asset Import Library Assimp LWO File LWOAnimation.cpp UpdateAnimRangeSetup heap-based overflow

EPSS

Процентиль: 7%
0.00029
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-3158

CVSS3: 5.3
ubuntu
7 месяцев назад

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-3158

CVSS3: 5.3
nvd
7 месяцев назад

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

debian логотип

CVE-2025-3158

CVSS3: 5.3
debian
7 месяцев назад

A vulnerability, which was classified as critical, has been found in O ...

github логотип

GHSA-6r79-vpvw-rfjj

CVSS3: 5.3
github
7 месяцев назад

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

fstec логотип

BDU:2025-12581

CVSS3: 7.8
fstec
7 месяцев назад

Уязвимость библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), связанная с переполнением буфера в динамической памяти, позволяющая нарушителю получить несанкционированный к конфиденциальной информации

EPSS

Процентиль: 7%
0.00029
Низкий

5.3 Medium

CVSS3