CVE-2025-3549: Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow
Description
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in Open Asset Import Library Assimp 5.4.3 gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion Assimp::MD3Importer::ValidateSurfaceHeaderOffsets der Datei code/AssetLib/MD3/MD3Loader.cpp der Komponente File Handler. Dank der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-3549
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.8
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products
Vendor: Open Asset Import Library
Product: Assimp
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.01% (probability of being exploited)
EPSS Percentile: 1.72% (scored less or equal to compared to others)
EPSS Date: 2025-04-20 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-3549https://vuldb.com/?id.304590
https://vuldb.com/?ctiid.304590
https://vuldb.com/?submit.546414
https://github.com/assimp/assimp/issues/6070
https://github.com/user-attachments/files/19580481/Assimp_MD3Importer_ValidateSurfaceHeaderOffsets-hbo.zip