Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp
CVE-2025-5167
4.8MEDIUM
Key Information:
- Vendor
Open Asset Import Library
- Status
- Vendor
- CVE Published:
- 26 May 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-5167?
A vulnerability exists in Open Asset Import Library (Assimp) version 5.4.3, specifically in the LWOImporter::GetS0 function. The issue arises due to improper handling of the argument 'out', which can lead to an out-of-bounds read condition. This type of vulnerability requires local access to be exploited. Public disclosure of this vulnerability has taken place, allowing the possibility for malicious actors to leverage it. The Assimp project aims to consolidate all related Fuzzer bugs to address similar security issues in future updates.
Affected Version(s)
Assimp 5.4.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.