PT-2025-22882 · Assimp+1

Clesmian · Published 2025-05-26 · Updated 2026-01-30 · CVE-2025-5166

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open Asset Import Library Assimp version 5.4.3

Description

A vulnerability was found in the Open Asset Import Library Assimp. It has been classified as problematic and affects the function MDCImporter::InternReadFile of the component MDC File Parser. The manipulation of the argument pcVerts leads to an out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-5166
OESA-2026-1214
OESA-2026-1215
OESA-2026-1216
OESA-2026-1217
OESA-2026-1268
PYSEC-2025-173

Affected Products

Assimp
Debian