Vulnerability-Lookup

CVE-2025-2592 (GCVE-0-2025-2592)

Vulnerability from cvelistv5 – Published: 2025-03-21 14:00 – Updated: 2025-03-21 14:25

Title

Open Asset Import Library Assimp CSMLoader.cpp InternReadFile heap-based overflow

Summary

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

URL

	Vendor	Product	Version
	Open Asset Import Library	Assimp	Affected: 5.4.3

FKIE_CVE-2025-2592

Vulnerability from fkie_nvd - Published: 2025-03-21 14:15 - Updated: 2025-07-17 21:52

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@vuldb.com	https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743	Patch
cna@vuldb.com	https://github.com/assimp/assimp/issues/6010	Exploit, Issue Tracking
cna@vuldb.com	https://github.com/assimp/assimp/issues/6010#issue-2877368110	Exploit, Issue Tracking
cna@vuldb.com	https://github.com/assimp/assimp/pull/6052	Patch
cna@vuldb.com	https://vuldb.com/?ctiid.300575	Permissions Required, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.300575	Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?submit.517782	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	assimp	assimp	5.4.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8EC697-A5C6-4066-9E02-9181B33F7428",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad, que se clasific\u00f3 como cr\u00edtica, en Open Asset Import Library Assimp 5.4.3. Este problema afecta la funci\u00f3n CSMIMPORTER::InternetFile del archivo de archivo/AssetLib/CSM/CSMLoader.cpp. La manipulaci\u00f3n conduce al desbordamiento del b\u00fafer basado en el mont\u00f3n. El ataque puede iniciarse de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 2690E354DA0C681DB000CFD892A55226788F2743. Se recomienda aplicar un parche para solucionar este problema."
    }
  ],
  "id": "CVE-2025-2592",
  "lastModified": "2025-07-17T21:52:30.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-21T14:15:17.037",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/assimp/assimp/issues/6010"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/assimp/assimp/issues/6010#issue-2877368110"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/assimp/assimp/pull/6052"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.300575"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.300575"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.517782"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

OPENSUSE-SU-2025:14950-1

Vulnerability from csaf_opensuse - Published: 2025-04-02 00:00 - Updated: 2025-04-02 00:00

Summary

assimp-devel-5.4.3-5.1 on GA media

Severity

Moderate

Notes

Title of the patch: assimp-devel-5.4.3-5.1 on GA media

Description of the patch: These are all security issues fixed in the assimp-devel-5.4.3-5.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2025-14950

CVE-2025-2591

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-2592

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-3015

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-3016

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

OPENSUSE-SU-2025:0117-1

Vulnerability from csaf_opensuse - Published: 2025-04-09 06:48 - Updated: 2025-04-09 06:48

Summary

Security update for doomsday

Severity

Important

Notes

Title of the patch: Security update for doomsday

Description of the patch: This update for doomsday fixes the following issues: - CVE-2025-2592: Use system assimp library to fix a heap-based buffer overflow (boo#1239917)

Patchnames: openSUSE-2025-117

CVE-2025-2592

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

OPENSUSE-SU-2025:0113-1

Vulnerability from csaf_opensuse - Published: 2025-04-02 16:31 - Updated: 2025-04-02 16:31

Summary

Security update for assimp

Severity

Important

Notes

Title of the patch: Security update for assimp

Description of the patch: This update for assimp fixes the following issues: - CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324) - CVE-2024-48423: Fixed a arbitrary code execution via CallbackToLogRedirector() (boo#1232322) - CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323) - CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633) - CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916) - CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412) - CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413) - CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920) - CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine() (boo#1239220)

Patchnames: openSUSE-2025-113

CVE-2024-48423

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-48424

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-48425

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2024-53425

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-2151

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-2591

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-2592

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-3015

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2025-3016

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://lists.opensuse.org/archives/list/security…	self
	https://lists.opensuse.org/archives/list/security…	self
	https://bugzilla.suse.com/1232322	self
	https://bugzilla.suse.com/1232323	self
	https://bugzilla.suse.com/1232324	self
	https://bugzilla.suse.com/1233633	self
	https://bugzilla.suse.com/1239220	self
	https://bugzilla.suse.com/1239916	self
	https://bugzilla.suse.com/1239920	self
	https://bugzilla.suse.com/1240412	self
	https://bugzilla.suse.com/1240413	self
	https://www.suse.com/security/cve/CVE-2024-48423/	self
	https://www.suse.com/security/cve/CVE-2024-48424/	self
	https://www.suse.com/security/cve/CVE-2024-48425/	self
	https://www.suse.com/security/cve/CVE-2024-53425/	self
	https://www.suse.com/security/cve/CVE-2025-2151/	self
	https://www.suse.com/security/cve/CVE-2025-2591/	self
	https://www.suse.com/security/cve/CVE-2025-2592/	self
	https://www.suse.com/security/cve/CVE-2025-3015/	self
	https://www.suse.com/security/cve/CVE-2025-3016/	self
	https://www.suse.com/security/cve/CVE-2024-48423	external
	https://bugzilla.suse.com/1232322	external
	https://www.suse.com/security/cve/CVE-2024-48424	external
	https://bugzilla.suse.com/1232323	external
	https://www.suse.com/security/cve/CVE-2024-48425	external
	https://bugzilla.suse.com/1232324	external
	https://www.suse.com/security/cve/CVE-2024-53425	external
	https://bugzilla.suse.com/1233633	external
	https://www.suse.com/security/cve/CVE-2025-2151	external
	https://bugzilla.suse.com/1239220	external
	https://www.suse.com/security/cve/CVE-2025-2591	external
	https://bugzilla.suse.com/1239919	external
	https://www.suse.com/security/cve/CVE-2025-2592	external
	https://bugzilla.suse.com/1239914	external
	https://www.suse.com/security/cve/CVE-2025-3015	external
	https://bugzilla.suse.com/1239698	external
	https://bugzilla.suse.com/1240412	external
	https://www.suse.com/security/cve/CVE-2025-3016	external
	https://bugzilla.suse.com/1240413	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for assimp",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for assimp fixes the following issues:\n\n- CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)\n- CVE-2024-48423: Fixed a arbitrary code execution via CallbackToLogRedirector() (boo#1232322)\n- CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323)\n- CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633)\n- CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916)\n- CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412)\n- CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413)\n- CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)\n- CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine() (boo#1239220)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2025-113",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_0113-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:0113-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GUXUVZ7SBZK5ZFR45B223UXCWUMD4XQD/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:0113-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GUXUVZ7SBZK5ZFR45B223UXCWUMD4XQD/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232322",
        "url": "https://bugzilla.suse.com/1232322"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232323",
        "url": "https://bugzilla.suse.com/1232323"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232324",
        "url": "https://bugzilla.suse.com/1232324"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233633",
        "url": "https://bugzilla.suse.com/1233633"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239220",
        "url": "https://bugzilla.suse.com/1239220"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239916",
        "url": "https://bugzilla.suse.com/1239916"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239920",
        "url": "https://bugzilla.suse.com/1239920"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240412",
        "url": "https://bugzilla.suse.com/1240412"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240413",
        "url": "https://bugzilla.suse.com/1240413"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-48423 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-48423/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-48424 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-48424/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-48425 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-48425/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53425 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53425/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-2151 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-2151/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-2591 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-2591/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-2592 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-2592/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3015 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3015/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3016 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3016/"
      }
    ],
    "title": "Security update for assimp",
    "tracking": {
      "current_release_date": "2025-04-02T16:31:31Z",
      "generator": {
        "date": "2025-04-02T16:31:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:0113-1",
      "initial_release_date": "2025-04-02T16:31:31Z",
      "revision_history": [
        {
          "date": "2025-04-02T16:31:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "assimp-devel-5.3.1-bp156.3.9.1.aarch64",
                "product": {
                  "name": "assimp-devel-5.3.1-bp156.3.9.1.aarch64",
                  "product_id": "assimp-devel-5.3.1-bp156.3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libassimp5-5.3.1-bp156.3.9.1.aarch64",
                "product": {
                  "name": "libassimp5-5.3.1-bp156.3.9.1.aarch64",
                  "product_id": "libassimp5-5.3.1-bp156.3.9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
                "product": {
                  "name": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
                  "product_id": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libassimp5-5.3.1-bp156.3.9.1.ppc64le",
                "product": {
                  "name": "libassimp5-5.3.1-bp156.3.9.1.ppc64le",
                  "product_id": "libassimp5-5.3.1-bp156.3.9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "assimp-devel-5.3.1-bp156.3.9.1.s390x",
                "product": {
                  "name": "assimp-devel-5.3.1-bp156.3.9.1.s390x",
                  "product_id": "assimp-devel-5.3.1-bp156.3.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libassimp5-5.3.1-bp156.3.9.1.s390x",
                "product": {
                  "name": "libassimp5-5.3.1-bp156.3.9.1.s390x",
                  "product_id": "libassimp5-5.3.1-bp156.3.9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "assimp-devel-5.3.1-bp156.3.9.1.x86_64",
                "product": {
                  "name": "assimp-devel-5.3.1-bp156.3.9.1.x86_64",
                  "product_id": "assimp-devel-5.3.1-bp156.3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libassimp5-5.3.1-bp156.3.9.1.x86_64",
                "product": {
                  "name": "libassimp5-5.3.1-bp156.3.9.1.x86_64",
                  "product_id": "libassimp5-5.3.1-bp156.3.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP6",
                "product": {
                  "name": "SUSE Package Hub 15 SP6",
                  "product_id": "SUSE Package Hub 15 SP6"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.6",
                "product": {
                  "name": "openSUSE Leap 15.6",
                  "product_id": "openSUSE Leap 15.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.aarch64 as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.s390x as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.x86_64 as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.aarch64 as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.ppc64le as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.s390x as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.x86_64 as component of SUSE Package Hub 15 SP6",
          "product_id": "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "assimp-devel-5.3.1-bp156.3.9.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64"
        },
        "product_reference": "assimp-devel-5.3.1-bp156.3.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.aarch64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.ppc64le as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.s390x as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libassimp5-5.3.1-bp156.3.9.1.x86_64 as component of openSUSE Leap 15.6",
          "product_id": "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        },
        "product_reference": "libassimp5-5.3.1-bp156.3.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-48423",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-48423"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-48423",
          "url": "https://www.suse.com/security/cve/CVE-2024-48423"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232322 for CVE-2024-48423",
          "url": "https://bugzilla.suse.com/1232322"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-48423"
    },
    {
      "cve": "CVE-2024-48424",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-48424"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-48424",
          "url": "https://www.suse.com/security/cve/CVE-2024-48424"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232323 for CVE-2024-48424",
          "url": "https://bugzilla.suse.com/1232323"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-48424"
    },
    {
      "cve": "CVE-2024-48425",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-48425"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-48425",
          "url": "https://www.suse.com/security/cve/CVE-2024-48425"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232324 for CVE-2024-48425",
          "url": "https://bugzilla.suse.com/1232324"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-48425"
    },
    {
      "cve": "CVE-2024-53425",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53425"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53425",
          "url": "https://www.suse.com/security/cve/CVE-2024-53425"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233633 for CVE-2024-53425",
          "url": "https://bugzilla.suse.com/1233633"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53425"
    },
    {
      "cve": "CVE-2025-2151",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-2151"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-2151",
          "url": "https://www.suse.com/security/cve/CVE-2025-2151"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239220 for CVE-2025-2151",
          "url": "https://bugzilla.suse.com/1239220"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-2151"
    },
    {
      "cve": "CVE-2025-2591",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-2591"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-2591",
          "url": "https://www.suse.com/security/cve/CVE-2025-2591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239919 for CVE-2025-2591",
          "url": "https://bugzilla.suse.com/1239919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-2591"
    },
    {
      "cve": "CVE-2025-2592",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-2592"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-2592",
          "url": "https://www.suse.com/security/cve/CVE-2025-2592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239914 for CVE-2025-2592",
          "url": "https://bugzilla.suse.com/1239914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-2592"
    },
    {
      "cve": "CVE-2025-3015",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3015"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3015",
          "url": "https://www.suse.com/security/cve/CVE-2025-3015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239698 for CVE-2025-3015",
          "url": "https://bugzilla.suse.com/1239698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240412 for CVE-2025-3015",
          "url": "https://bugzilla.suse.com/1240412"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-3015"
    },
    {
      "cve": "CVE-2025-3016",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3016"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
          "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3016",
          "url": "https://www.suse.com/security/cve/CVE-2025-3016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240413 for CVE-2025-3016",
          "url": "https://bugzilla.suse.com/1240413"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "SUSE Package Hub 15 SP6:libassimp5-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:assimp-devel-5.3.1-bp156.3.9.1.x86_64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.aarch64",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.ppc64le",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.s390x",
            "openSUSE Leap 15.6:libassimp5-5.3.1-bp156.3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-04-02T16:31:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-3016"
    }
  ]
}

BDU:2025-12578

Vulnerability from fstec - Published: 21.03.2025

Title

Уязвимость библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), связанная с переполнением буфера в динамической памяти, позволяющая нарушителю получить несанкционированный к конфиденциальной информации

Description

Уязвимость библиотеки импорта 3D-моделей Open Asset Import Library (Assimp) связана с переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к конфиденциальной информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Novell Inc., ООО «Ред Софт», Alexander Gessler, Thomas Schulze, Kim Kulling

Software Name

openSUSE Tumbleweed, РЕД ОС (запись в едином реестре российских программ №3751), OpenSUSE Leap, SUSE Package Hub, Open Asset Import Library (Assimp)

Software Version

- (openSUSE Tumbleweed), 7.3 (РЕД ОС), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Package Hub), 5.4.3 (Open Asset Import Library (Assimp))

Possible Mitigations

Использование рекомендаций: https://github.com/assimp/assimp/pull/6052 https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743 Для РедОС: https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-assimp-cve-2025-2592-cve-2025-2591-cve-2025-3158/?sphrase_id=1313594 Для программных продуктов Novell Inc.: https://www.suse.com/ko-kr/security/cve/CVE-2025-2592.html

Reference

https://github.com/assimp/assimp/pull/6052 https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743 https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-assimp-cve-2025-2592-cve-2025-2591-cve-2025-3158/?sphrase_id=1313594 https://www.suse.com/ko-kr/security/cve/CVE-2025-2592.html

CWE

CWE-122

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Alexander Gessler, Thomas Schulze, Kim Kulling",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (openSUSE Tumbleweed), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Package Hub), 5.4.3 (Open Asset Import Library (Assimp))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/assimp/assimp/pull/6052\nhttps://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-assimp-cve-2025-2592-cve-2025-2591-cve-2025-3158/?sphrase_id=1313594\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/ko-kr/security/cve/CVE-2025-2592.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "08.10.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.10.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-12578",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-2592",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE Tumbleweed, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), OpenSUSE Leap, SUSE Package Hub, Open Asset Import Library (Assimp)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE Tumbleweed - , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. OpenSUSE Leap 15.6 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0438\u043c\u043f\u043e\u0440\u0442\u0430 3D-\u043c\u043e\u0434\u0435\u043b\u0435\u0439 Open Asset Import Library (Assimp), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0438\u043c\u043f\u043e\u0440\u0442\u0430 3D-\u043c\u043e\u0434\u0435\u043b\u0435\u0439 Open Asset Import Library (Assimp) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/assimp/assimp/pull/6052\nhttps://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-assimp-cve-2025-2592-cve-2025-2591-cve-2025-3158/?sphrase_id=1313594\nhttps://www.suse.com/ko-kr/security/cve/CVE-2025-2592.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

GHSA-GQ4X-2QP9-2GVW

Vulnerability from github – Published: 2025-03-21 15:31 – Updated: 2025-03-21 15:31

Details

Severity ?

6.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

5.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-2592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-21T14:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-gq4x-2qp9-2gvw",
  "modified": "2025-03-21T15:31:15Z",
  "published": "2025-03-21T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2592"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/issues/6010"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/issues/6010#issue-2877368110"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/pull/6052"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.300575"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.300575"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.517782"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-2592 (GCVE-0-2025-2592)

FKIE_CVE-2025-2592

OPENSUSE-SU-2025:14950-1

OPENSUSE-SU-2025:0117-1

OPENSUSE-SU-2025:0113-1

BDU:2025-12578

GHSA-GQ4X-2QP9-2GVW

Tags

Sightings

Nomenclature