CVE-2025-3196
Publication date 4 April 2025
Last updated 9 April 2025
Ubuntu priority
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| assimp | 24.10 oracular |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-3196
- https://github.com/assimp/assimp/issues/6069
- https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425
- https://github.com/assimp/assimp/milestone/11
- https://vuldb.com/?ctiid.303150
- https://vuldb.com/?id.303150
- https://vuldb.com/?submit.545368