Description

A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. It affects the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Manipulation leads to a heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used.

PUBLISHED Reserved 2025-10-04 | Published 2025-10-05 | Updated 2025-10-06 | Assigner VulDB




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 5.3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.3 | AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Heap-based Buffer Overflow

Memory Corruption

Product status

6.0.2
affected

Timeline

2025-10-04: Advisory disclosed
2025-10-04: VulDB entry created
2025-10-04: VulDB entry last update

Credits

sand (VulDB User) reporter

References

vuldb.com/?id.327009 (VDB-327009 | Open Asset Import Library Assimp OpenDDLParserUtils.h getNextSeparator heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.327009 (VDB-327009 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.658675 (Submit #658675 | Open Asset Import Library Assimp Assimp Version: 6.0.2 / master commit 0581ed5 Heap-based Buffer Overflow) third-party-advisory

github.com/assimp/assimp/issues/6357 issue-tracking

github.com/user-attachments/files/22417682/poc.zip exploit

cve.org (CVE-2025-11275)

nvd.nist.gov (CVE-2025-11275)