Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-5204

Опубликовано: 26 мая 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A flaw was found in assimp. The flawed bounds check in the MDLImporter::ParseSkinLump_3DGS_MDL7 function leads to an out-of-bounds read. A local attacker is required to trigger the vulnerability by manipulating input during file parsing. This results in a denial of service. Low privileges are needed to exploit the issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9qt5-qt3dNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2368650assimp: Assimp Out-of-Bounds Read Vulnerability

EPSS

Процентиль: 4%
0.00022
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-5204

CVSS3: 3.3
ubuntu
23 дня назад

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

nvd логотип

CVE-2025-5204

CVSS3: 3.3
nvd
23 дня назад

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

debian логотип

CVE-2025-5204

CVSS3: 3.3
debian
23 дня назад

A vulnerability classified as problematic has been found in Open Asset ...

github логотип

GHSA-xpvq-w32j-6px4

CVSS3: 3.3
github
23 дня назад

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

EPSS

Процентиль: 4%
0.00022
Низкий

3.3 Low

CVSS3