Fabre

#1102228 assimp: CVE-2025-2757 #1102228

Package:: src:assimp

Source:: src:assimp

Submitter:: Salvatore Bonaccorso

Date:: 2025-08-29 20:07:10 UTC

Severity:: normal

Tags:

#1102228#5

Date:: 2025-04-06 14:38:38 UTC

From:

To:

Hi,

The following vulnerability was published for assimp.

CVE-2025-2757[0]:
| A vulnerability classified as critical was found in Open Asset
| Import Library Assimp 5.4.3. This vulnerability affects the function
| AI_MD5_PARSE_STRING_IN_QUOTATION of the file
| code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler.
| The manipulation of the argument data leads to heap-based buffer
| overflow. The attack can be initiated remotely. The exploit has been
| disclosed to the public and may be used.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2757
https://www.cve.org/CVERecord?id=CVE-2025-2757
[1] https://github.com/assimp/assimp/issues/6019

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1102228#16

Date:: 2025-08-29 19:57:07 UTC

From:

To:

close 1102228 6.0.2+ds-1
close 1101495 6.0.2+ds-1
close 1101496 6.0.2+ds-1
close 1102222 6.0.2+ds-1
close 1102221 6.0.2+ds-1
close 1100438 6.0.2+ds-1
close 1100439 6.0.2+ds-1
close 1088187 6.0.2+ds-1
close 1086044 6.0.2+ds-1
close 1086045 6.0.2+ds-1
close 1086046 6.0.2+ds-1
thanks

#1102228 assimp: CVE-2025-2757 #1102228

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)