CVE-2025-2751 | THREATINT

Description

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na leads to out-of-bounds read. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

In Open Asset Import Library Assimp 5.4.3 wurde eine problematische Schwachstelle gefunden. Das betrifft die Funktion Assimp::CSMImporter::InternReadFile der Datei code/AssetLib/CSM/CSMLoader.cpp der Komponente CSM File Handler. Mittels Manipulieren des Arguments na mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-03-24 | Published 2025-03-25 | Updated 2025-03-31 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

5.0AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem types

Out-of-Bounds Read

Memory Corruption

Product status

5.4.3

affected

Timeline

2025-03-24:	Advisory disclosed
2025-03-24:	VulDB entry created
2025-03-24:	VulDB entry last update

Credits

d3ng03 (VulDB User) reporter

References

vuldb.com/?id.300856 (VDB-300856 | Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds) vdb-entry technical-description

vuldb.com/?ctiid.300856 (VDB-300856 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.517785 (Submit #517785 | Open Asset Import Library Assimp >=5.4.3 Out-of-Bounds Read) third-party-advisory

github.com/assimp/assimp/issues/6012 issue-tracking

github.com/assimp/assimp/issues/6012 exploit issue-tracking

cve.org (CVE-2025-2751)

nvd.nist.gov (CVE-2025-2751)

Download JSON