CVE-2025-2753 | THREATINT

Description

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Es wurde eine kritische Schwachstelle in Open Asset Import Library Assimp 5.4.3 ausgemacht. Dabei betrifft es die Funktion SceneCombiner::MergeScenes der Datei code/AssetLib/LWS/LWSLoader.cpp der Komponente LWS File Handler. Durch Manipulieren mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-03-24 | Published 2025-03-25 | Updated 2025-03-25 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem types

Out-of-Bounds Read

Memory Corruption

Product status

5.4.3

affected

Timeline

2025-03-24:	Advisory disclosed
2025-03-24:	VulDB entry created
2025-03-24:	VulDB entry last update

Credits

d3ng03 (VulDB User) reporter

References

vuldb.com/?id.300858 (VDB-300858 | Open Asset Import Library Assimp LWS File LWSLoader.cpp MergeScenes out-of-bounds) vdb-entry technical-description

vuldb.com/?ctiid.300858 (VDB-300858 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.517787 (Submit #517787 | Open Asset Import Library Assimp >=5.4.3 Out-of-Bounds Read) third-party-advisory

github.com/assimp/assimp/issues/6014 issue-tracking

github.com/assimp/assimp/issues/6014 exploit issue-tracking

cve.org (CVE-2025-2753)

nvd.nist.gov (CVE-2025-2753)

Download JSON