Vulnerabilities > CVE-2025-3196 - Out-of-bounds Write vulnerability in Assimp 5.4.3

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

assimp

CWE-787

NVD

Published: 2025-04-04

Updated: 2025-05-28

Summary

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Vulnerable Configurations

Part	Description	Count
Application	Assimp Assimp Assimp 5.4.3	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/assimp/assimp/issues/6069
https://github.com/assimp/assimp/issues/6069
https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425
https://github.com/assimp/assimp/milestone/11
https://vuldb.com/?ctiid.303150
https://vuldb.com/?id.303150
https://vuldb.com/?submit.545368