CVE-2025-6120
Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.
In Open Asset Import Library Assimp bis 5.4.3 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion read_meshes in der Bibliothek assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-15: | Advisory disclosed |
| 2025-06-15: | VulDB entry created |
| 2025-06-15: | VulDB entry last update |
Rulkallos (VulDB User)
vuldb.com/?id.312589 (VDB-312589 | Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow)
vuldb.com/?ctiid.312589 (VDB-312589 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.591235 (Submit #591235 | Open Asset Import Library Assimp 5.4.3 Heap-based Buffer Overflow)
github.com/assimp/assimp/issues/6220
github.com/assimp/assimp/issues/6220
github.com/...ts/files/20605340/read_meshes_reproduce.tar.gz
Support options
