Open Asset Import Library Assimp 5.4.3 Malformed File MD2Loader.cpp InternReadFile Sunu Pufferüberlauf

GumtiTarihigandayajsonxmlCTI

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin Open Asset Import Library Assimp 5.4.3. Gaskiya, Assimp::MD2Importer::InternReadFile na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, code/AssetLib/MD2/MD2Loader.cpp na cikin lissafi, $software_file na cikin fayil, Malformed File Handler na cikin sashi. Ngam manipulation of the argument Sunu shi Pufferüberlauf. CWE shidin ka a yi bayani matsala sai ya kai CWE-121. Gaskiya, laifi an fitar da shi 04/03/2025 ta Chen Lihai da Xidian University a matsayin 6069. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-3196. Wuroo ka a yiɗi a yi ɗum e gese. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. Vulnerability ɗin nan kuma an rubuta shi a wasu kundin bayanan vulnerability: Tenable (235880). VulDB is the best source for vulnerability data and more expert information about this specific topic.

7 Goyarwa · 109 Datenpunkte

Furɗe	Gargadi 2/6 04/04/2025 14:13	Gargadi 3/6 05/14/2025 13:16	Gargadi 4/6 07/23/2025 11:04	Gargadi 5/6 07/23/2025 14:30	Gargadi 6/6 07/23/2025 14:36
software_vendor	Open Asset Import Library	Open Asset Import Library	Open Asset Import Library	Open Asset Import Library	Open Asset Import Library
software_name	Assimp	Assimp	Assimp	Assimp	Assimp
software_version	5.4.3	5.4.3	5.4.3	5.4.3	5.4.3
software_component	Malformed File Handler	Malformed File Handler	Malformed File Handler	Malformed File Handler	Malformed File Handler
software_library	code/AssetLib/MD2/MD2Loader.cpp	code/AssetLib/MD2/MD2Loader.cpp	code/AssetLib/MD2/MD2Loader.cpp	code/AssetLib/MD2/MD2Loader.cpp	code/AssetLib/MD2/MD2Loader.cpp
software_function	Assimp::MD2Importer::InternReadFile	Assimp::MD2Importer::InternReadFile	Assimp::MD2Importer::InternReadFile	Assimp::MD2Importer::InternReadFile	Assimp::MD2Importer::InternReadFile
software_argument	name	name	name	name	name
vulnerability_cwe	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	L	L	L	L	L
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rl	O	O	O	O	O
cvss3_vuldb_rc	C	C	C	C	C
advisory_identifier	6069	6069	6069	6069	6069
advisory_url	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069
advisory_confirm_url	https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425	https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425	https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425	https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425	https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069	https://github.com/assimp/assimp/issues/6069
countermeasure_name	Gargajiya	Gargajiya	Gargajiya	Gargajiya	Gargajiya
countermeasure_upgrade_url	https://github.com/assimp/assimp/milestone/11	https://github.com/assimp/assimp/milestone/11	https://github.com/assimp/assimp/milestone/11	https://github.com/assimp/assimp/milestone/11	https://github.com/assimp/assimp/milestone/11
source_cve	CVE-2025-3196	CVE-2025-3196	CVE-2025-3196	CVE-2025-3196	CVE-2025-3196
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
software_type	Software Library	Software Library	Software Library	Software Library	Software Library
cvss2_vuldb_av	L	L	L	L	L
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	C	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF	OF
cvss4_vuldb_av	L	L	L	L	L
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	L	L	L	L	L
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	S	S	S
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	4.3	4.3	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.4	3.4	3.4	3.4	3.4
cvss3_vuldb_basescore	5.3	5.3	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.8	4.8	4.8	4.8	4.8
cvss3_meta_basescore	5.3	5.3	5.3	5.4	5.4
cvss3_meta_tempscore	5.0	5.0	5.0	5.2	5.2
cvss4_vuldb_bscore	4.8	4.8	4.8	4.8	4.8
cvss4_vuldb_btscore	1.9	1.9	1.9	1.9	1.9
advisory_date	1743631200 (04/03/2025)	1743631200 (04/03/2025)	1743631200 (04/03/2025)	1743631200 (04/03/2025)	1743631200 (04/03/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary	A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.	A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.	A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.	A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.	A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
cvss4_cna_av	L	L	L	L	L
cvss4_cna_ac	L	L	L	L	L
cvss4_cna_at	N	N	N	N	N
cvss4_cna_pr	L	L	L	L	L
cvss4_cna_ui	N	N	N	N	N
cvss4_cna_vc	L	L	L	L	L
cvss4_cna_vi	L	L	L	L	L
cvss4_cna_va	L	L	L	L	L
cvss4_cna_sc	N	N	N	N	N
cvss4_cna_si	N	N	N	N	N
cvss4_cna_sa	N	N	N	N	N
cvss4_cna_bscore	4.8	4.8	4.8	4.8	4.8
cvss3_cna_av	L	L	L	L	L
cvss3_cna_ac	L	L	L	L	L
cvss3_cna_pr	L	L	L	L	L
cvss3_cna_ui	N	N	N	N	N
cvss3_cna_s	U	U	U	U	U
cvss3_cna_c	L	L	L	L	L
cvss3_cna_i	L	L	L	L	L
cvss3_cna_a	L	L	L	L	L
cvss3_cna_basescore	5.3	5.3	5.3	5.3	5.3
cvss2_cna_av	L	L	L	L	L
cvss2_cna_ac	L	L	L	L	L
cvss2_cna_au	S	S	S	S	S
cvss2_cna_ci	P	P	P	P	P
cvss2_cna_ii	P	P	P	P	P
cvss2_cna_ai	P	P	P	P	P
cvss2_cna_basescore	4.3	4.3	4.3	4.3	4.3
cve_nvd_summaryes	Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado.	Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado.	Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado.	Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado.	Se encontró una vulnerabilidad clasificada como crítica en Open Asset Import Library Assimp 5.4.3. La función Assimp::MD2Importer::InternReadFile en la librería code/AssetLib/MD2/MD2Loader.cpp del componente Malformed File Handler se ve afectada. La manipulación del argumento Name provoca un desbordamiento del búfer en la pila. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado.
nessus_id		235880	235880	235880	235880
nessus_name		Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848)	Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848)	Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848)	Amazon Linux 2 : qt5-qt3d (ALAS-2025-2848)
company_name			Xidian University	Xidian University	Xidian University
person_name			Chen Lihai	Chen Lihai	Chen Lihai
cvss3_nvd_av				L	L
cvss3_nvd_ac				L	L
cvss3_nvd_pr				L	L
cvss3_nvd_ui				N	N
cvss3_nvd_s				U	U
cvss3_nvd_c				N	N
cvss3_nvd_i				N	N
cvss3_nvd_a				H	H
cvss3_nvd_basescore				5.5	5.5
euvd_id					EUVD-2025-9663

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!