CVE-2025-6120

Опубликовано: 16 июн. 2025

Источник: redhat

CVSS3: 5.3

Описание

A vulnerability has been discovered in the Open Asset Import Library (Assimp), specifically within the read_meshes functionality of the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file (related to Half-Life 1 MDL file loading). This flaw can lead to a heap-based buffer overflow. Under specific conditions, exploitation of this buffer overflow could result in unpredictable program behavior, memory corruption, or arbitrary code execution.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	qt6-qtquick3d	Fix deferred
Red Hat Enterprise Linux 9	qt5-qt3d	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=2372998assimp: Open Asset Import Library heap-based overflow

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-6120

CVSS3: 5.3

nvd

2 дня назад

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

CVE-2025-6120

CVSS3: 5.3

debian

2 дня назад

A vulnerability classified as critical was found in Open Asset Import ...

GHSA-wg5q-7rhh-29w7

CVSS3: 5.3

github

2 дня назад

5.3 Medium

CVSS3