Debian Assimp vulnerabilities

CVE-2025-3160 [MEDIUM] CVE-2025-3160: assimp - A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and cla... A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclose

CVE-2025-5167 [MEDIUM] CVE-2025-5167: assimp - A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been... A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to t

CVE-2025-5204 [MEDIUM] CVE-2025-5204: assimp - A vulnerability classified as problematic has been found in Open Asset Import Li... A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Th

CVE-2025-3196 [MEDIUM] CVE-2025-3196: assimp - A vulnerability, which was classified as critical, was found in Open Asset Impor... A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locall

CVE-2025-3016 [MEDIUM] CVE-2025-3016: assimp - A vulnerability classified as problematic was found in Open Asset Import Library... A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiat

CVE-2025-2592 [MEDIUM] CVE-2025-2592: assimp - A vulnerability, which was classified as critical, has been found in Open Asset ... A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. T

CVE-2025-3159 [MEDIUM] CVE-2025-3159: assimp - A vulnerability, which was classified as critical, was found in Open Asset Impor... A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has

CVE-2025-6119 [MEDIUM] CVE-2025-6119: assimp - A vulnerability classified as critical has been found in Open Asset Import Libra... A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and m

CVE-2025-5201 [MEDIUM] CVE-2025-5201: assimp - A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been... A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be use

CVE-2025-3015 [MEDIUM] CVE-2025-3015: assimp - A vulnerability classified as critical has been found in Open Asset Import Libra... A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. T

CVE-2025-5203 [MEDIUM] CVE-2025-5203: assimp - A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been... A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The p

CVE-2025-11275 [MEDIUM] CVE-2025-11275: assimp - A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affect... A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available

CVE-2025-2750 [MEDIUM] CVE-2025-2750: assimp - A vulnerability, which was classified as critical, was found in Open Asset Impor... A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclose

CVE-2025-5165 [MEDIUM] CVE-2025-5165: assimp - A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classifi... A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the publ

CVE-2025-5168 [MEDIUM] CVE-2025-5168: assimp - A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been... A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read. An attack has to be approached locally. The exploit has been d

CVE-2025-2756 [MEDIUM] CVE-2025-2756: assimp - A vulnerability classified as critical has been found in Open Asset Import Libra... A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The

CVE-2025-2591 [MEDIUM] CVE-2025-2591: assimp - A vulnerability classified as problematic was found in Open Asset Import Library... A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the

CVE-2025-11277 [MEDIUM] CVE-2025-11277: assimp - A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This a... A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.

CVE-2025-3549 [MEDIUM] CVE-2025-3549: assimp - A vulnerability, which was classified as critical, was found in Open Asset Impor... A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has be

CVE-2025-3548 [MEDIUM] CVE-2025-3548: assimp - A vulnerability, which was classified as critical, has been found in Open Asset ... A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed