Heap-Based Buffer Overflow in Open Asset Import Library Assimp up to Version 5.4.3
CVE-2025-15666
Key Information:
- Vendor
Open Asset Import Library
- Status
- Vendor
- CVE Published:
- 1 July 2026
Badges
What is CVE-2025-15666?
A security vulnerability exists in Open Asset Import Library (Assimp) prior to version 5.4.3, specifically within the Assimp::SceneCombiner::Copy function located in the Model File Handler component. This issue arises from manipulations involving width and height arguments, leading to a heap-based buffer overflow vulnerability. The exploit requires local execution, and details have been publicly disclosed. Ongoing efforts to address this defect are tracked under issue #6128.
Affected Version(s)
Assimp 5.4.0
Assimp 5.4.1
Assimp 5.4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
