CVE Catalog

CVE-2025-15666

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A heap-based buffer overflow vulnerability was found in Open Asset Import Library Assimp up to version 5.4.3 in the Assimp::SceneCombiner::Copy function. Manipulating width/height arguments triggers the overflow.

Risk Assessment

A local attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service in applications using the Assimp library for 3D model processing.

Recommendation

Update the Assimp library to version 5.4.4 or later when available. Until then, restrict processing of untrusted model files.

Original NVD description (English source)

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS