PT-2025-22885 · Assimp+1 · Assimp+1

Clesmian

Published

2025-05-26

Updated

2025-05-26

CVE-2025-5169

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp version 5.4.3

Description A problematic vulnerability has been found in Open Asset Import Library Assimp, affecting the function MDLImporter::InternReadFile 3DGS MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. This leads to an out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public.

Recommendations For Open Asset Import Library Assimp version 5.4.3, consider disabling the MDLImporter::InternReadFile 3DGS MDL345 function until a patch is available to prevent out-of-bounds read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

CVE-2025-5169

PYSEC-2025-176

Affected Products

Assimp

Debian

PT-2025-22885 · Assimp+1 · Assimp+1

CVE-2025-5169

Weakness Enumeration

Related Identifiers

Affected Products

References · 18