CVE-2025-11277

EUVD-2025-32253
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
assimpassimp
6.0.2
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
qt5-qt3d
RHEL 9
0:5.15.9-2.el9_7.1
fixed
qt5-qt3d-devel
RHEL 9
0:5.15.9-2.el9_7.1
fixed
qt5-qt3d-examples
RHEL 9
0:5.15.9-2.el9_7.1
fixed
Common Weakness Enumeration
References
https://github.com/assimp/assimp/issues/6358
https://github.com/user-attachments/files/22422643/poc.zip
https://vuldb.com/?ctiid.327011
https://vuldb.com/?id.327011
https://vuldb.com/?submit.658912