#1103443 assimp: CVE-2025-3548

Package:
src:assimp
Source:
src:assimp
Submitter:
Salvatore Bonaccorso
Date:
2025-08-29 19:49:04 UTC
Severity:
normal
Tags:
#1103443#5
Date:
2025-04-17 18:46:31 UTC
From:
To:
Hi,

The following vulnerability was published for assimp.

CVE-2025-3548[0]:
| A vulnerability, which was classified as critical, has been found in
| Open Asset Import Library Assimp up to 5.4.3. This issue affects the
| function aiString::Set in the library include/assimp/types.h of the
| component File Handler. The manipulation leads to heap-based buffer
| overflow. It is possible to launch the attack on the local host. The
| exploit has been disclosed to the public and may be used. It is
| recommended to apply a patch to fix this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3548
https://www.cve.org/CVERecord?id=CVE-2025-3548
[1] https://github.com/assimp/assimp/issues/6068
[2] https://github.com/assimp/assimp/pull/6073
[3] https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
#1103443#16
Date:
2025-08-29 19:46:50 UTC
From:
To:
close 1103443 6.0.2+ds-1
thanks