PT-2025-22932 · Assimp+2 · Assimp+2
Clesmian
·
Published
2025-05-26
·
Updated
2026-03-20
·
CVE-2025-5202
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Open Asset Import Library Assimp version 5.4.3
Description
A vulnerability was found in Open Asset Import Library Assimp. It has been declared as problematic. Affected by this vulnerability is the function
HL1MDLLoader::validate header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.Recommendations
As a temporary workaround, consider disabling the
HL1MDLLoader::validate header function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Out of bounds Read
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Assimp
Debian