Resource Consumption Vulnerability in Open Asset Import Library Assimp
CVE-2025-3016

5.3MEDIUM

Key Information:

Vendor

Open Asset Import Library

Status
Assimp
Vendor
CVE Published:
31 March 2025

What is CVE-2025-3016?

A vulnerability has been identified in Open Asset Import Library Assimp 5.4.3 that impacts the MDL File Handler functionality, specifically in the Assimp::MDLImporter::ParseTextureColorData method. This flaw allows an attacker to exploit the mWidth and mHeight parameters, potentially leading to excessive resource consumption. The vulnerability can be triggered remotely, which poses a risk for users who have not upgraded to the patched version 6.0. To mitigate this issue, it is essential to apply the available patch (commit 5d2a7482312db2e866439a8c05a07ce1e718bed1) to strengthen system security.

Affected Version(s)

Assimp 5.4.3

References

https://vuldb.com/?id.302068
vdb-entrytechnical-description
https://vuldb.com/?ctiid.302068
signaturepermissions-required
https://vuldb.com/?submit.524593
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

d3ng03 (VulDB User)
.