CNNVD-202506-1883 Information
CNNVD ID
CNNVD-202506-1883
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Open Asset Import Library Assimp是Open Asset Import Library开源的一个官方开放资产导入库存储库。可将40多种3D文件格式加载到一个统一且干净的数据结构中。 Open Asset Import Library Assimp 5.4.3及之前版本存在安全漏洞,该漏洞源于函数read_meshes存在堆缓冲区溢出。
Description (English)
Open Assembly Import Library Assimp is an official open repository of assets from Open Assembly Import Library. More than 40 3D file formats can be loaded into a uniform and clean data structure. The security gap that existed in the Open Assembly Report Library Assimp 5.4.3 and earlier versions stemmed from the proliferation of buffers in the function read meshes.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Open Babel
Published
2025-06-16
Last Modified
2026-02-24
References
https://github.com/assimp/assimp/issues/6220 https://github.com/assimp/assimp/issues/6220#issuecomment-2945018579 https://github.com/user-attachments/files/20605340/read_meshes_reproduce.tar.gz https://vuldb.com/?ctiid.312589 https://vuldb.com/?id.312589 https://vuldb.com/?submit.591235 https://access.redhat.com/security/cve/cve-2025-6120
Patch
https://kimkulling.itch.io/the-asset-importer-lib
Share on: