CVE-2025-2152

EUVD-2025-7294
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
assimpassimp
5.4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
assimp
bookworm
postponed
bullseye
postponed
forky
6.0.4+ds-1
fixed
sid
6.0.4+ds-1
fixed
trixie
postponed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
assimp
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
ignored
questing
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/assimp/assimp/issues/6027
https://github.com/assimp/assimp/issues/6027#issue-2877629241
https://vuldb.com/?ctiid.299063
https://vuldb.com/?id.299063
https://vuldb.com/?submit.510818