CVE-2025-3160

CVSS v4.0

4.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp version 5.4.3

Description A vulnerability has been found in the Open Asset Import Library Assimp, affecting the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally.

Recommendations Apply the patch identified as a0993658f40d8e13ff5823990c30b43c82a5daf0 to fix this issue. As a temporary workaround, consider disabling the Assimp::SceneCombiner::AddNodeHashes function until the patch is applied.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

BDU:2025-12926

CVE-2025-3160

OESA-2025-1402

OESA-2025-1403

OESA-2025-1404

OESA-2025-1405

OPENSUSE-SU-2025:15198-1

Affected Products

Assimp

Debian

Red Os

CVE-2025-3160

Weakness Enumeration

Related Identifiers

Affected Products

References · 42