CVE-2025-3196
Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Es wurde eine Schwachstelle in Open Asset Import Library Assimp 5.4.3 gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion Assimp::MD2Importer::InternReadFile in der Bibliothek code/AssetLib/MD2/MD2Loader.cpp der Komponente Malformed File Handler. Dank Manipulation des Arguments Name mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
| 2025-04-03: | Advisory disclosed |
| 2025-04-03: | VulDB entry created |
| 2025-04-03: | VulDB entry last update |
vuldb.com/?id.303150 (VDB-303150 | Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow)
vuldb.com/?ctiid.303150 (VDB-303150 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.545368 (Submit #545368 | Open Asset Import Library Assimp 5.4.3 Stack-based Buffer Overflow)
github.com/assimp/assimp/issues/6069
github.com/assimp/assimp/issues/6069
github.com/assimp/assimp/milestone/11
Support options
