Vulnerabilities > CVE-2025-3015 - Out-of-bounds Read vulnerability in Assimp 5.4.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
References
- https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe
- https://github.com/assimp/assimp/issues/6021
- https://github.com/assimp/assimp/issues/6021
- https://github.com/assimp/assimp/issues/6021#issue-2877378829
- https://github.com/assimp/assimp/pull/6045
- https://vuldb.com/?ctiid.302067
- https://vuldb.com/?id.302067
- https://vuldb.com/?submit.524589