CNNVD-202510-754 Information
CNNVD ID
CNNVD-202510-754
Related CVE
- CNNVD Published: 2025-10-05
Description (Chinese)
Open Asset Import Library Assimp是Open Asset Import Library开源的一个官方开放资产导入库存储库。可将40多种3D文件格式加载到一个统一且干净的数据结构中。 Open Asset Import Library Assimp 6.0.2版本存在安全漏洞,该漏洞源于Q3DImporter::InternReadFile函数资源分配不当,可能导致本地执行攻击。
Description (English)
Open Assembly Import Library Assimp is an official open repository of assets from Open Assembly Import Library. More than 40 3D file formats can be loaded into a uniform and clean data structure. There is a security loophole in version 6.2 of Open Report Aviation Assimp, which stems from the misallocation of resources for the Q3DImporter::InterReadFile function, which may lead to local execution attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Open Asset Import Library
Published
2025-10-05
Last Modified
2026-02-24
References
https://github.com/assimp/assimp/issues/6356 https://github.com/user-attachments/files/22407575/poc.zip https://vuldb.com/?ctiid.327008 https://vuldb.com/?id.327008 https://vuldb.com/?submit.658075
Share on: