Permalink
CVE-2025-15538
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
References
- VDB-341727 | Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free vdb-entry technical-description
- VDB-341727 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #735232 | Open Asset Import Library Assimp 6.0.2 Use After Free third-party-advisory
- https://github.com/assimp/assimp/issues/6258 issue-tracking
- https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530 issue-tracking
- https://github.com/user-attachments/files/21216542/assimp_poc10.zip exploit
- VDB-341727 | Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free vdb-entry technical-description
- VDB-341727 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #735232 | Open Asset Import Library Assimp 6.0.2 Use After Free third-party-advisory
- https://github.com/assimp/assimp/issues/6258 issue-tracking
- https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530 issue-tracking
- https://github.com/user-attachments/files/21216542/assimp_poc10.zip exploit
Affected products
Assimp
- ==6.0.0
- ==6.0.2
- ==6.0.1
Package maintainers
-
@ehmry Emery Hemingway <ehmry@posteo.net>