CNNVD-202510-751 Information
CNNVD ID
CNNVD-202510-751
Related CVE
- CNNVD Published: 2025-10-05
Description (Chinese)
Open Asset Import Library Assimp是Open Asset Import Library开源的一个官方开放资产导入库存储库。可将40多种3D文件格式加载到一个统一且干净的数据结构中。 Open Asset Import Library Assimp 6.0.2版本存在安全漏洞,该漏洞源于Q3DLoader.cpp文件中Q3DImporter::InternReadFile函数存在堆缓冲区溢出,可能导致执行任意代码。
Description (English)
Open Assembly Import Library Assimp is an official open repository of assets from Open Assembly Import Library. More than 40 3D file formats can be loaded into a uniform and clean data structure. There is a security loophole in version 6.02 of Open Report Infrastructure Assimp, which originates in the Q3DROMporter:: InterReadFile function in Q3DLoader.cpp, and may result in the implementation of any code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Open Asset Import Library
Published
2025-10-05
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.327011 https://vuldb.com/?submit.658912 https://github.com/user-attachments/files/22422643/poc.zip https://github.com/assimp/assimp/issues/6358 https://vuldb.com/?id.327011 https://vigilance.fr/vulnerability/Assimp-buffer-overflow-via-Q3DImporter-InternReadFile-48687
Share on: