Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:12842

Опубликовано: 04 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: qt5-qt3d security update

Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications).

Security Fix(es):

  • assimp: Open Asset Import Library Assimp LWO File LWOAnimation.cpp UpdateAnimRangeSetup heap-based overflow (CVE-2025-3158)

  • assimp: Open Asset Import Library Assimp ASE File ASEParser.cpp ParseLV4MeshBonesVertices heap-based overflow (CVE-2025-3159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
qt5-qt3di6862.el9_6qt5-qt3d-5.15.9-2.el9_6.i686.rpm
qt5-qt3dx86_642.el9_6qt5-qt3d-5.15.9-2.el9_6.x86_64.rpm
qt5-qt3d-develi6862.el9_6qt5-qt3d-devel-5.15.9-2.el9_6.i686.rpm
qt5-qt3d-develx86_642.el9_6qt5-qt3d-devel-5.15.9-2.el9_6.x86_64.rpm
qt5-qt3d-examplesx86_642.el9_6qt5-qt3d-examples-5.15.9-2.el9_6.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-3158
CVE-2025-3159

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-12842

oracle-oval
6 месяцев назад

ELSA-2025-12842: qt5-qt3d security update (MODERATE)

ubuntu логотип

CVE-2025-3159

CVSS3: 5.3
ubuntu
10 месяцев назад

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.

redhat логотип

CVE-2025-3159

CVSS3: 5.3
redhat
10 месяцев назад

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.

nvd логотип

CVE-2025-3159

CVSS3: 5.3
nvd
10 месяцев назад

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.

debian логотип

CVE-2025-3159

CVSS3: 5.3
debian
10 месяцев назад

A vulnerability, which was classified as critical, was found in Open A ...