CVE-2025-3549

Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow

Published: 4/14/2025 Last updated: 4/14/2025 Reserved: 4/13/2025

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CNA assigner: VulDB (1af790b2-7ee1-4545-860a-a788eba489b5) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
4.0	4.8	Medium	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.1	5.3	Medium	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.0	5.3	Medium	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.0	4.3	Medium	CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:P/A:P

Opam packages affected (2)

assimp conf-assimp

Products affected (1)

Product	Vendor	Version
Assimp	Open Asset Import Library	< 4.17

CVE-2025-3549

Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow

Metrics

Opam packages affected (2)

Products affected (1)

References (5)