CVE-2025-3196

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp version 5.4.3

Description A critical vulnerability was found in Open Asset Import Library Assimp. The function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler is affected. The manipulation of the argument Name leads to a stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Recommendations As a temporary workaround, consider disabling the Assimp::MD2Importer::InternReadFile function until a patch is available. To resolve the issue, upgrade the affected component to a newer version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121CWE-119

Related Identifiers

ALT-PU-2025-10063

BDU:2025-07004

CVE-2025-3196

OESA-2025-2178

OESA-2025-2179

OESA-2025-2252

OPENSUSE-SU-2025:15198-1

PYSEC-2025-170

Affected Products

Alt Linux

Assimp

Debian

Red Os

CVE-2025-3196

Weakness Enumeration

Related Identifiers

Affected Products

References · 41