Assimp 5.4.3: Malicious Files Can Cause Data Corruption

MGASA-2026-0170
Summary

The Assimp software, used for importing 3D models, has a security issue. If an attacker sends a malicious file to the software, the file can cause data corruption or even let the attacker take control of the system. To protect your system, update to the latest version of Assimp.

What to do
  • Update assimp to version 5.2.5-1.mga9.
Affected software
Ecosystem · Vendor · Product · Affected versions
Mageia:9 · – · assimp · < 5.2.5-1.mga9
Fix: upgrade to 5.2.5-1.mga9
Original title
Updated assimp packages fix security vulnerabilities
Original description
CVE-2025-2750, A vulnerability, which was classified as critical, was
found in Open Asset Import Library Assimp 5.4.3. This affects the
function Assimp::CSMImporter::InternReadFile of the file
code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The
manipulation leads to out-of-bounds write. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and
may be used.
CVE-2025-2757, A vulnerability classified as critical was found in Open
Asset Import Library Assimp 5.4.3. This vulnerability affects the
function AI_MD5_PARSE_STRING_IN_QUOTATION of the file
code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The
manipulation of the argument data leads to heap-based buffer overflow.
The attack can be initiated remotely. The exploit has been disclosed to
the public and may be used.
CVE-2025-3158, A vulnerability, which was classified as critical, has
been found in Open Asset Import Library Assimp 5.4.3. Affected by this
issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of
the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File
Handler. The manipulation leads to heap-based buffer overflow. It is
possible to launch the attack on the local host. The exploit has been
disclosed to the public and may be used.
CVE-2025-3548, A vulnerability, which was classified as critical, has
been found in Open Asset Import Library Assimp up to 5.4.3. This issue
affects the function aiString::Set in the library include/assimp/types.h
of the component File Handler. The manipulation leads to heap-based
buffer overflow. It is possible to launch the attack on the local host.
The exploit has been disclosed to the public and may be used. It is
recommended to apply a patch to fix this issue.
CVE-2025-11277, A weakness has been identified in Open Asset Import
Library Assimp 6.0.2. This affects the function
Q3DImporter::InternReadFile of the file
assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can
lead to heap-based buffer overflow. The attack needs to be launched
locally. The exploit has been made available to the public and could be
used for attacks.
CVE-2025-70067, Buffer Overflow vulnerability exists in Assimp versions
up to 6.0.2 in the FBX Importer. The vulnerability occurs in
aiMaterial::AddBinaryProperty, where a property key string from a
crafted FBX file is copied into a fixed-size heap buffer using strcpy()
without runtime length validation
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026