Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-15538
5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Not Defined (X)
- Report Confidence (RC): Reasonable (R)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
References
-
VDB-341727 | Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free vdb-entrytechnical-description
-
-
Submit #735232 | Open Asset Import Library Assimp 6.0.2 Use After Free third-party-advisory
-
https://github.com/assimp/assimp/issues/6258 issue-tracking
Affected products
Assimp
- ==6.0.0
- ==6.0.2
- ==6.0.1
Package maintainers
-
@ehmry Emery Hemingway <ehmry@posteo.net>