CVE-2025-3015

Name
CVE-2025-3015
Description
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe
issue-tracking https://github.com/assimp/assimp/issues/6021
exploit https://github.com/assimp/assimp/issues/6021#issue-2877378829
issue-tracking https://github.com/assimp/assimp/pull/6045
signature https://vuldb.com/?ctiid.302067
vdb-entry https://vuldb.com/?id.302067
third-party-advisory https://vuldb.com/?submit.524589

Match rules

CPE URI Source package Min version Max version
assimp == 5.4.3 == 5.4.3
cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:* assimp == None == 5.4.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
assimp edge-community 5.4.3-r0 Russ Webber <russ@rw.id.au> possibly vulnerable
assimp 3.22-community 5.4.3-r0 Russ Webber <russ@rw.id.au> possibly vulnerable