Hi,
The following vulnerability was published for assimp.
CVE-2025-3196[0]:
| A vulnerability, which was classified as critical, was found in Open
| Asset Import Library Assimp 5.4.3. Affected is the function
| Assimp::MD2Importer::InternReadFile in the library
| code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File
| Handler. The manipulation of the argument Name leads to stack-based
| buffer overflow. The attack needs to be approached locally. The
| exploit has been disclosed to the public and may be used. It is
| recommended to upgrade the affected component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-3196
https://www.cve.org/CVERecord?id=CVE-2025-3196
[1] https://github.com/assimp/assimp/issues/6069
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore