PT-2025-22930 · Assimp+2

Clesmian · Published 2025-05-26 · Updated 2026-04-25 · CVE-2025-5200

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Open Asset Import Library Assimp version 5.4.3

Description

A problem was found in the function MDLImporter::InternReadFile_Quake1 in the file assimp/code/AssetLib/MDL/MDLLoader.cpp, which leads to an out-of-bounds read. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all fuzzer bugs in one main issue and address them in the future.

Recommendations

For Open Asset Import Library Assimp version 5.4.3, as a temporary workaround, consider disabling the MDLImporter::InternReadFile_Quake1 function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10063
CVE-2025-5200
OESA-2026-1330
OESA-2026-1331
OESA-2026-1658
OESA-2026-1659
OESA-2026-2057
OPENSUSE-SU-2026:10174-1

Affected Products

Alt Linux
Assimp
Debian