CVE-2025-3196

EUVD-2025-9663
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
assimpassimp
5.4.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
assimp
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
ignored
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
qt5-qt3d
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed
qt5-qt3d-debuginfo
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed
qt5-qt3d-devel
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed
qt5-qt3d-examples
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed