{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3548", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-13T17:45:16.448Z", "datePublished": "2025-04-14T02:31:05.592Z", "dateUpdated": "2025-04-14T14:56:10.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-14T02:31:05.592Z"}, "title": "Open Asset Import Library Assimp File types.h Set heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"version": "5.4.0", "status": "affected"}, {"version": "5.4.1", "status": "affected"}, {"version": "5.4.2", "status": "affected"}, {"version": "5.4.3", "status": "affected"}], "modules": ["File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Open Asset Import Library Assimp bis 5.4.3 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion aiString::Set in der Bibliothek include/assimp/types.h der Komponente File Handler. Durch Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-04-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-13T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-13T19:50:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.304589", "name": "VDB-304589 | Open Asset Import Library Assimp File types.h Set heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.304589", "name": "VDB-304589 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.546413", "name": "Submit #546413 | Open Asset Import Library Assimp v5.4.3 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6068", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/pull/6073", "tags": ["issue-tracking", "patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T14:55:47.528742Z", "id": "CVE-2025-3548", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T14:56:10.933Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3548", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T14:55:47.528742Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T14:56:05.842Z"}}], "cna": {"title": "Open Asset Import Library Assimp File types.h Set heap-based overflow", "credits": [{"lang": "en", "type": "tool", "value": "VulDB GitHub Analyzer"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "Open Asset Import Library", "modules": ["File Handler"], "product": "Assimp", "versions": [{"status": "affected", "version": "5.4.0"}, {"status": "affected", "version": "5.4.1"}, {"status": "affected", "version": "5.4.2"}, {"status": "affected", "version": "5.4.3"}]}], "timeline": [{"lang": "en", "time": "2025-04-13T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-13T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-13T19:50:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.304589", "name": "VDB-304589 | Open Asset Import Library Assimp File types.h Set heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.304589", "name": "VDB-304589 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.546413", "name": "Submit #546413 | Open Asset Import Library Assimp v5.4.3 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6068", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/pull/6073", "tags": ["issue-tracking", "patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Open Asset Import Library Assimp bis 5.4.3 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion aiString::Set in der Bibliothek include/assimp/types.h der Komponente File Handler. Durch Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-14T02:31:05.592Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3548", "state": "PUBLISHED", "dateUpdated": "2025-04-14T14:56:10.933Z", "dateReserved": "2025-04-13T17:45:16.448Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-14T02:31:05.592Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}], "id": "CVE-2025-3548", "lastModified": "2025-04-14T03:15:16.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-14T03:15:16.640", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/issues/6068"}, {"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/pull/6073"}, {"source": "cna@vuldb.com", "url": "https://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.304589"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.304589"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.546413"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "Assimp: Open Asset Import Library Assimp File types.h Set heap-based overflow", "id": "2359372", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359372"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A flaw was found in Open Asset Import Library Assimp. This issue affects the aiString::Set function in the library, include/assimp/types.h of the component File Handler. Manipulation leads to a heap-based buffer overflow."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-3548", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-14T02:31:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3548\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3548\nhttps://github.com/assimp/assimp/issues/6068\nhttps://github.com/assimp/assimp/pull/6073\nhttps://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip\nhttps://vuldb.com/?ctiid.304589\nhttps://vuldb.com/?id.304589\nhttps://vuldb.com/?submit.546413"], "threat_severity": "Moderate"}