Detections
Analytics

CVE-2025-5203

medium

Description

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

References

https://vuldb.com/?submit.578012

https://vuldb.com/?id.310292

https://vuldb.com/?ctiid.310292

https://github.com/user-attachments/files/20209469/reproducer.zip

https://github.com/assimp/assimp/issues/6175

https://github.com/assimp/assimp/issues/6128

Details

Source: Mitre, NVD

Published: 2025-05-26

Updated: 2025-05-28

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Severity: Low

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00013