logo_clicknbuy.png

CVE-2025-2591 – “Open Asset Import Library Assimp Divide By Zero Vulnerability”

The following table lists the changes that have been made to the
CVE-2025-2591 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Mar. 21, 2025

    Action Type Old Value New Value
    Added Description A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
    Added CVSS V2 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Added CWE CWE-369
    Added CWE CWE-404
    Added Reference https://github.com/assimp/assimp/issues/6009
    Added Reference https://github.com/assimp/assimp/issues/6009#issue-2877367021
    Added Reference https://github.com/assimp/assimp/pull/6047
    Added Reference https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd
    Added Reference https://vuldb.com/?ctiid.300574
    Added Reference https://vuldb.com/?id.300574
    Added Reference https://vuldb.com/?submit.517781
Share the Post:

Related Posts