CVE-2025-2751

EUVD-2025-8071
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na leads to out-of-bounds read. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
assimpassimp
5.4.3
𝑥
= Vulnerable software versions
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
qt5-qt3d
Amazon Linux 2
0:5.15.3-1.amzn2.0.6
fixed
qt5-qt3d-debuginfo
Amazon Linux 2
0:5.15.3-1.amzn2.0.6
fixed
qt5-qt3d-devel
Amazon Linux 2
0:5.15.3-1.amzn2.0.6
fixed
qt5-qt3d-examples
Amazon Linux 2
0:5.15.3-1.amzn2.0.6
fixed