PT-2025-22883 · Assimp+1

Clesmian · Published 2025-05-26 · Updated 2026-02-11 · CVE-2025-5167

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open Asset Import Library Assimp version 5.4.3

Description

A vulnerability was found in the Open Asset Import Library Assimp. The issue affects the function LWOImporter::GetS0 in the file assimp/code/AssetLib/LWO/LWOLoader.h. Manipulation of the argument out leads to an out-of-bounds read. The attack requires local access. The exploit has been disclosed to the public and may be used.

Recommendations

For Open Asset Import Library Assimp version 5.4.3, as a temporary workaround, consider disabling the LWOImporter::GetS0 function until a patch is available. Restrict access to the file assimp/code/AssetLib/LWO/LWOLoader.h to minimize the risk of exploitation. Avoid using the argument out in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-5167
OPENSUSE-SU-2026:10174-1
PYSEC-2025-174

Affected Products

Assimp
Debian