Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp Affecting Multiple Versions
CVE-2025-5168
Key Information:
- Vendor
Open Asset Import Library
- Status
- Vendor
- CVE Published:
- 26 May 2025
Badges
What is CVE-2025-5168?
A vulnerability exists in Open Asset Import Library Assimp version 5.4.3 located in the MDLImporter::ImportUVCoordinate_3DGS_MDL345 function within MDLLoader.cpp. This flaw allows for an out-of-bounds read triggered by improper manipulation of the index parameter during UV coordinate importation, potentially leading to data exposure. Local exploitation is required, and the vulnerability has been publicly disclosed, raising concerns about its possible exploitation. The maintainers have announced intentions to consolidate Fuzzer-related bugs in a single issue to enhance future security measures.
Affected Version(s)
Assimp 5.4.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.