cbcvebase.

Debian Assimp vulnerabilities

47 known vulnerabilities affecting debian/assimp.

Total CVEs: 47
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 43

Vulnerabilities

Page 2 of 3
CVE-2025-15538 | MEDIUM | CVSS 4.8 | 2025
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may
CVE-2025-2152 | MEDIUM | CVSS 5.3 | fixed in assimp 6.0.2+ds-1 (forky) | 2025
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the pu
CVE-2025-5169 | MEDIUM | CVSS 4.8 | 2025
A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be
CVE-2025-3158 | MEDIUM | CVSS 4.8 | fixed in assimp 6.0.2+ds-1 (forky) | 2025
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack o
CVE-2025-2751 | MEDIUM | CVSS 5.3 | fixed in assimp 6.0.2+ds-1 (forky) | 2025
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na leads to out-of-bounds read. The attack can be initiated remotely. The exp
CVE-2025-2754 | MEDIUM | CVSS 5.3 | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument it leads to heap-based buffer overflow. The attack can be launche
CVE-2025-6120 | MEDIUM | CVSS 4.8 | 2025
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to th
CVE-2025-5166 | MEDIUM | CVSS 4.8 | fixed in assimp 6.0.3+ds-1 (forky) | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. It is possible to launch the attack on the local host
CVE-2025-5202 | MEDIUM | CVSS 4.8 | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to th
CVE-2025-2753 | MEDIUM | CVSS 5.3 | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been disclosed to the pub
CVE-2025-2757 | MEDIUM | CVSS 5.3 | fixed in assimp 6.0.2+ds-1 (forky) | 2025
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit
CVE-2025-2755 | MEDIUM | CVSS 5.3 | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument src.entries leads to out-of-bounds read. The attack may be launched remotely
CVE-2025-11274 | MEDIUM | CVSS 4.8 | 2025
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Scope: local bookworm: open bull
CVE-2025-2151 | MEDIUM | CVSS 5.3 | fixed in assimp 6.0.2+ds-1 (forky) | 2025
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. S
CVE-2025-2752 | MEDIUM | CVSS 5.3 | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated remotely. The exploit has been disclosed to the public and may be use
CVE-2025-5200 | MEDIUM | CVSS 4.8 | 2025
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and m
CVE-2024-40724 | HIGH | CVSS 7.8 | fixed in assimp 5.4.2+ds-1 (forky) | 2024
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 5.4.2+ds-1); sid: resolved (fixed in 5.4.2+ds-1); trixie: resolved (fixed in 5.4.2+ds-1)
CVE-2024-48423 | HIGH | CVSS 7.8 | fixed in assimp 6.0.2+ds-1 (forky) | 2024
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 6.0.2+ds-1); sid: resolved (fixed in 6.0.2+ds-1); trixie: open
CVE-2024-45679 | HIGH | CVSS 8.4 | fixed in assimp 5.4.0+ds-1 (forky) | 2024
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 5.4.0+ds-1); sid: resolved (fixed in 5.4.0+ds-1); trixie: resolved (fixed in 5.4.0+ds-1)
CVE-2024-48425 | MEDIUM | CVSS 5.5 | fixed in assimp 6.0.2+ds-1 (forky) | 2024
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference. Scope: local bookworm: open bul