Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-5201

Опубликовано: 26 мая 2025
Источник: redhat
CVSS3: 3.3

Описание

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A fuzzer test discovered a heap based buffer overflow in the Open Asset Import Library Assimp on version 5.4.3. The LWOImporter::CountVertsAndFacesLWO2 function in the assimp/code/AssetLib/LWO/LWOLoader.cpp file is affected. The manipulation leads to out-of-bounds read, which can lead to an application crash. The attacker needs to be local in order to exploit this vulnerability.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9qt5-qt3dFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2369039assimp: Open Asset Import Library Assimp LWOLoader.cpp CountVertsAndFacesLWO2 out-of-bounds

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-5201

CVSS3: 3.3
ubuntu
23 дня назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

nvd логотип

CVE-2025-5201

CVSS3: 3.3
nvd
23 дня назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian логотип

CVE-2025-5201

CVSS3: 3.3
debian
23 дня назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...

github логотип

GHSA-2v5h-r74h-52p7

CVSS3: 3.3
github
23 дня назад

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

3.3 Low

CVSS3