Heap-Based Buffer Overflow in Open Asset Import Library Assimp
CVE-2025-3548
Key Information:
- Vendor
- Open Asset Import Library
- Status
- Assimp
- Vendor
- CVE Published:
- 14 April 2025
Badges
Summary
A vulnerability has been identified in the Open Asset Import Library Assimp, specifically within the function aiString::Set located in the header file include/assimp/types.h. This weakness results in a heap-based buffer overflow, which can potentially be exploited by an attacker on the local host. The issue has been publicly disclosed, prompting the recommendation for users to apply the necessary patches to mitigate the risk associated with this vulnerability. Users are urged to stay vigilant and update their installations to secure their systems.
Affected Version(s)
Assimp 5.4.0
Assimp 5.4.1
Assimp 5.4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved