CVE-2025-3160

Name
CVE-2025-3160
Description
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://vuldb.com/?id.303106
signature https://vuldb.com/?ctiid.303106
third-party-advisory https://vuldb.com/?submit.542248
issue-tracking https://github.com/assimp/assimp/issues/6025
issue-tracking https://github.com/assimp/assimp/pull/6049
exploit https://github.com/assimp/assimp/issues/6025#issue-2877385383
patch https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0

Match rules

CPE URI Source package Min version Max version
assimp == 5.4.3 == 5.4.3
cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:* assimp == None == 5.4.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
assimp edge-community 5.4.3-r0 Russ Webber <russ@rw.id.au> possibly vulnerable
assimp 3.22-community 5.4.3-r0 Russ Webber <russ@rw.id.au> possibly vulnerable