logo_clicknbuy.png

CVE-2025-5200 – Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability

The following table lists the changes that have been made to the
CVE-2025-5200 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    May. 26, 2025

    Action Type Old Value New Value
    Added Description A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    Added CVSS V2 (AV:L/AC:L/Au:S/C:N/I:N/A:P)
    Added CWE CWE-119
    Added CWE CWE-125
    Added Reference https://github.com/assimp/assimp/issues/6128
    Added Reference https://github.com/assimp/assimp/issues/6172
    Added Reference https://github.com/user-attachments/files/20208985/line-452-reproducer.zip
    Added Reference https://vuldb.com/?ctiid.310289
    Added Reference https://vuldb.com/?id.310289
    Added Reference https://vuldb.com/?submit.578005
Share the Post:

Related Posts