CNNVD-202506-1884 Information
CNNVD ID
CNNVD-202506-1884
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Open Asset Import Library Assimp是Open Asset Import Library开源的一个官方开放资产导入库存储库。可将40多种3D文件格式加载到一个统一且干净的数据结构中。 Open Asset Import Library Assimp 5.4.3及之前版本存在资源管理错误漏洞,该漏洞源于对函数Assimp::BVHLoader::ReadNodeChannels中参数pNode的错误操作导致释放后重用。
Description (English)
Open Assembly Import Library Assimp is an official open repository of assets from Open Assembly Import Library. More than 40 3D file formats can be loaded into a uniform and clean data structure. Open Administration Infrastructure Asset 5.4.3 and previous versions have resource management error loopholes, which stem from the error of the argument pNode in function Assimp:::BVHLoader::Read NodeChannels, resulting in the re-use after release.
Hazard Level
High
Vulnerability Type
资源管理错误
Affected Vendor
Open Babel
Published
2025-06-16
Last Modified
2026-02-24
References
https://github.com/assimp/assimp/issues/6219 https://github.com/assimp/assimp/issues/6219#issuecomment-2945016005 https://github.com/user-attachments/files/20604791/reproduce_2.tar.gz https://vuldb.com/?ctiid.312588 https://vuldb.com/?id.312588 https://vuldb.com/?submit.591233 https://access.redhat.com/security/cve/cve-2025-6119
Patch
https://kimkulling.itch.io/the-asset-importer-lib
Share on: