CVE-2025-3548

Sažetak

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Reference

https://github.com/assimp/assimp/issues/6068
https://github.com/assimp/assimp/pull/6073
https://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip
https://vuldb.com/?ctiid.304589
https://vuldb.com/?id.304589
https://vuldb.com/?submit.546413

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-04-2025 - 18:39

Objavljeno

14-04-2025 - 03:15