CVE-2025-3548

EUVD-2025-10859
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
assimpassimp
𝑥
≤ 5.4.3
𝑥
= Vulnerable software versions
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
qt5-qt3d
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed
qt5-qt3d-debuginfo
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed
qt5-qt3d-devel
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed
qt5-qt3d-examples
Amazon Linux 2
0:5.15.3-1.amzn2.0.5
fixed