{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3160", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-03T06:54:18.712Z", "datePublished": "2025-04-03T14:31:06.940Z", "dateUpdated": "2025-04-03T14:46:49.808Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-03T14:31:06.940Z"}, "title": "Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"version": "5.4.3", "status": "affected"}], "modules": ["File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "In Open Asset Import Library Assimp 5.4.3 wurde eine problematische Schwachstelle gefunden. Das betrifft die Funktion Assimp::SceneCombiner::AddNodeHashes der Datei code/Common/SceneCombiner.cpp der Komponente File Handler. Dank Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als a0993658f40d8e13ff5823990c30b43c82a5daf0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-04-03T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-03T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-03T08:59:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "d3ng03 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.303106", "name": "VDB-303106 | Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.303106", "name": "VDB-303106 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.542248", "name": "Submit #542248 | Open Asset Import Library Assimp >=5.4.3 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6025", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/pull/6049", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6025#issue-2877385383", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/assimp/assimp/issues/6025#issue-2877385383", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-03T14:43:06.152504Z", "id": "CVE-2025-3160", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T14:46:49.808Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3160", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-03T14:43:06.152504Z"}}}], "references": [{"url": "https://github.com/assimp/assimp/issues/6025#issue-2877385383", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T14:43:44.821Z"}}], "cna": {"title": "Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "d3ng03 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "Open Asset Import Library", "modules": ["File Handler"], "product": "Assimp", "versions": [{"status": "affected", "version": "5.4.3"}]}], "timeline": [{"lang": "en", "time": "2025-04-03T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-03T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-03T08:59:26.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.303106", "name": "VDB-303106 | Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.303106", "name": "VDB-303106 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.542248", "name": "Submit #542248 | Open Asset Import Library Assimp >=5.4.3 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6025", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/pull/6049", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6025#issue-2877385383", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "In Open Asset Import Library Assimp 5.4.3 wurde eine problematische Schwachstelle gefunden. Das betrifft die Funktion Assimp::SceneCombiner::AddNodeHashes der Datei code/Common/SceneCombiner.cpp der Komponente File Handler. Dank Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als a0993658f40d8e13ff5823990c30b43c82a5daf0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-03T14:31:06.940Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3160", "state": "PUBLISHED", "dateUpdated": "2025-04-03T14:46:49.808Z", "dateReserved": "2025-04-03T06:54:18.712Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-03T14:31:06.940Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en Open Asset Import Library Assimp 5.4.3, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n Assimp::SceneCombiner::AddNodeHashes del archivo code/Common/SceneCombiner.cpp del componente File Handler. La manipulaci\u00f3n provoca lecturas fuera de los l\u00edmites. Un ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se identifica como a0993658f40d8e13ff5823990c30b43c82a5daf0. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-3160", "lastModified": "2025-04-07T14:18:34.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-03T15:15:52.867", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0"}, {"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/issues/6025"}, {"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/issues/6025#issue-2877385383"}, {"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/pull/6049"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.303106"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.303106"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.542248"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/assimp/assimp/issues/6025#issue-2877385383"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds", "id": "2357217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357217"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "(CWE-119|CWE-125)", "details": ["A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue.", "A flaw has been found in the Open Asset Import Library (assimp). In affected versions, a maliciously crafted file may trigger a heap-based buffer overflow, which may lead to an application crash or other undefined behavior."], "name": "CVE-2025-3160", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-03T14:31:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3160\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3160\nhttps://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0\nhttps://github.com/assimp/assimp/issues/6025\nhttps://github.com/assimp/assimp/issues/6025#issue-2877385383\nhttps://github.com/assimp/assimp/pull/6049\nhttps://vuldb.com/?ctiid.303106\nhttps://vuldb.com/?id.303106\nhttps://vuldb.com/?submit.542248"], "threat_severity": "Low"}