| Maez | Hizivadur 2/6
04/04/2025 14:13 | Hizivadur 3/6
14/05/2025 13:16 | Hizivadur 4/6
23/07/2025 11:04 | Hizivadur 5/6
23/07/2025 14:30 | Hizivadur 6/6
23/07/2025 14:36 |
|---|
| software_vendor | Open Asset Import Library | Open Asset Import Library | Open Asset Import Library | Open Asset Import Library | Open Asset Import Library |
| software_name | Assimp | Assimp | Assimp | Assimp | Assimp |
| software_version | 5.4.3 | 5.4.3 | 5.4.3 | 5.4.3 | 5.4.3 |
| software_component | Malformed File Handler | Malformed File Handler | Malformed File Handler | Malformed File Handler | Malformed File Handler |
| software_library | code/AssetLib/MD2/MD2Loader.cpp | code/AssetLib/MD2/MD2Loader.cpp | code/AssetLib/MD2/MD2Loader.cpp | code/AssetLib/MD2/MD2Loader.cpp | code/AssetLib/MD2/MD2Loader.cpp |
| software_function | Assimp::MD2Importer::InternReadFile | Assimp::MD2Importer::InternReadFile | Assimp::MD2Importer::InternReadFile | Assimp::MD2Importer::InternReadFile | Assimp::MD2Importer::InternReadFile |
| software_argument | name | name | name | name | name |
| vulnerability_cwe | CWE-121 (Touladenn war ar c'houlladoù) | CWE-121 (Touladenn war ar c'houlladoù) | CWE-121 (Touladenn war ar c'houlladoù) | CWE-121 (Touladenn war ar c'houlladoù) | CWE-121 (Touladenn war ar c'houlladoù) |
| vulnerability_risk | 2 | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | L | L | L | L | L |
| cvss3_vuldb_ac | L | L | L | L | L |
| cvss3_vuldb_pr | L | L | L | L | L |
| cvss3_vuldb_ui | N | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L | L |
| cvss3_vuldb_i | L | L | L | L | L |
| cvss3_vuldb_a | L | L | L | L | L |
| cvss3_vuldb_e | P | P | P | P | P |
| cvss3_vuldb_rl | O | O | O | O | O |
| cvss3_vuldb_rc | C | C | C | C | C |
| advisory_identifier | 6069 | 6069 | 6069 | 6069 | 6069 |
| advisory_url | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 |
| advisory_confirm_url | https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425 | https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425 | https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425 | https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425 | https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425 |
| exploit_availability | 1 | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 | https://github.com/assimp/assimp/issues/6069 |
| countermeasure_name | Hizivadenn | Hizivadenn | Hizivadenn | Hizivadenn | Hizivadenn |
| countermeasure_upgrade_url | https://github.com/assimp/assimp/milestone/11 | https://github.com/assimp/assimp/milestone/11 | https://github.com/assimp/assimp/milestone/11 | https://github.com/assimp/assimp/milestone/11 | https://github.com/assimp/assimp/milestone/11 |
| source_cve | CVE-2025-3196 | CVE-2025-3196 | CVE-2025-3196 | CVE-2025-3196 | CVE-2025-3196 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB | VulDB |
| software_type | Software Library | Software Library | Software Library | Software Library | Software Library |
| cvss2_vuldb_av | L | L | L | L | L |
| cvss2_vuldb_ac | L | L | L | L | L |
| cvss2_vuldb_ci | P | P | P | P | P |
| cvss2_vuldb_ii | P | P | P | P | P |
| cvss2_vuldb_ai | P | P | P | P | P |
| cvss2_vuldb_e | POC | POC | POC | POC | POC |
| cvss2_vuldb_rc | C | C | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF | OF | OF |
| cvss4_vuldb_av | L | L | L | L | L |
| cvss4_vuldb_ac | L | L | L | L | L |
| cvss4_vuldb_pr | L | L | L | L | L |
| cvss4_vuldb_ui | N | N | N | N | N |
| cvss4_vuldb_vc | L | L | L | L | L |
| cvss4_vuldb_vi | L | L | L | L | L |
| cvss4_vuldb_va | L | L | L | L | L |
| cvss4_vuldb_e | P | P | P | P | P |
| cvss2_vuldb_au | S | S | S | S | S |
| cvss4_vuldb_at | N | N | N | N | N |
| cvss4_vuldb_sc | N | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N | N |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.4 | 3.4 | 3.4 | 3.4 | 3.4 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 4.8 | 4.8 | 4.8 | 4.8 | 4.8 |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 | 5.4 | 5.4 |
| cvss3_meta_tempscore | 5.0 | 5.0 | 5.0 | 5.2 | 5.2 |
| cvss4_vuldb_bscore | 4.8 | 4.8 | 4.8 | 4.8 | 4.8 |
| cvss4_vuldb_btscore | 1.9 | 1.9 | 1.9 | 1.9 | 1.9 |
| advisory_date | 1743631200 (03/04/2025) | 1743631200 (03/04/2025) | 1743631200 (03/04/2025) | 1743631200 (03/04/2025) | 1743631200 (03/04/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| cve_nvd_summary | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |
| cvss4_cna_av | L | L | L | L | L |
| cvss4_cna_ac | L | L | L | L | L |
| cvss4_cna_at | N | N | N | N | N |
| cvss4_cna_pr | L | L | L | L | L |
| cvss4_cna_ui | N | N | N | N | N |
| cvss4_cna_vc | L | L | L | L | L |
| cvss4_cna_vi | L | L | L | L | L |
| cvss4_cna_va | L | L | L | L | L |
| cvss4_cna_sc | N | N | N | N | N |
| cvss4_cna_si | N | N | N | N | N |
| cvss4_cna_sa | N | N | N | N | N |
| cvss4_cna_bscore | 4.8 | 4.8 | 4.8 | 4.8 | 4.8 |
| cvss3_cna_av | L | L | L | L | L |
| cvss3_cna_ac | L | L | L | L | L |
| cvss3_cna_pr | L | L | L | L | L |
| cvss3_cna_ui | N | N | N | N | N |
| cvss3_cna_s | U | U | U | U | U |
| cvss3_cna_c | L | L | L | L | L |
| cvss3_cna_i | L | L | L | L | L |
| cvss3_cna_a | L | L | L | L | L |
| cvss3_cna_basescore | 5.3 | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss2_cna_av | L | L | L | L | L |
| cvss2_cna_ac | L | L | L | L | L |
| cvss2_cna_au | S | S | S | S | S |
| cvss2_cna_ci | P | P | P | P | P |
| cvss2_cna_ii | P | P | P | P | P |
| cvss2_cna_ai | P | P | P | P | P |
| cvss2_cna_basescore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cve_nvd_summaryes | Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. | Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. | Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. | Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. | Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. |
| nessus_id | | 235880 | 235880 | 235880 | 235880 |
| nessus_name | | Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848) | Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848) | Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848) | Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848) |
| company_name | | | Xidian University | Xidian University | Xidian University |
| person_name | | | Chen Lihai | Chen Lihai | Chen Lihai |
| cvss3_nvd_av | | | | L | L |
| cvss3_nvd_ac | | | | L | L |
| cvss3_nvd_pr | | | | L | L |
| cvss3_nvd_ui | | | | N | N |
| cvss3_nvd_s | | | | U | U |
| cvss3_nvd_c | | | | N | N |
| cvss3_nvd_i | | | | N | N |
| cvss3_nvd_a | | | | H | H |
| cvss3_nvd_basescore | | | | 5.5 | 5.5 |
| euvd_id | | | | | EUVD-2025-9663 |