Skip to main content

Assimp

48 CVEs product

Monthly

CVE-2026-14610 LOW POC PATCH Monitor

Heap-based buffer overflow in Assimp's CSM file handler (versions 6.0.0-6.0.5) allows a local low-privileged attacker to corrupt heap memory by supplying a crafted Character Studio Motion (CSM) file to any application that uses the library for asset import. The flaw exists in `Assimp::CSMImporter::InternReadFile` within `code/AssetLib/CSM/CSMLoader.cpp` and affects all Assimp 6.0.x releases confirmed by EUVD-2026-41601. No public exploit identified at time of analysis as a KEV entry, but a publicly available exploit code (poc.zip) exists, and the upstream patch commit is available though not yet confirmed in a tagged release.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14604 LOW POC Monitor

Double-free heap corruption in Open Asset Import Library (Assimp) through version 6.0.4 allows remote low-privileged attackers to corrupt process memory by supplying a maliciously crafted PLY 3D model file to the ExportToBlob function in the PLY Model Handler. A publicly available proof-of-concept exploit was disclosed alongside the report. The CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality, integrity, and availability impact on the vulnerable system, though CWE-415 double-free conditions in C++ libraries carry latent potential for escalated impact depending on memory layout and heap state at runtime.

Information Disclosure Assimp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-15666 LOW POC Monitor

Heap-based buffer overflow in Open Asset Import Library (Assimp) versions up to 5.4.3 allows a local attacker with low privileges to corrupt heap memory by supplying a crafted 3D model file with manipulated width or height values to the SceneCombiner::Copy function in code/Common/SceneCombiner.cpp. A public proof-of-concept exploit has been disclosed via GitHub issue #6079, elevating real-world risk despite the local-only attack vector. No confirmed patched release has been independently verified at time of analysis, and exploitation conditions require only low-privilege local access with no user interaction beyond loading the malicious file.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-10233 LOW POC Monitor

Out-of-bounds read in Assimp's Half-Life 1 MDL Loader affects all versions up to 6.0.4, enabling a local low-privileged attacker to leak memory contents by supplying a crafted MDL file that triggers faulty bounds handling in the `read_sequence_infos` function of `HL1MDLLoader.cpp`. Impact is confined to partial confidentiality loss (C:L) with no integrity or availability consequences per the CVSS vector. A publicly available proof-of-concept exploit exists (POC disclosed via GitHub), though no active exploitation has been confirmed and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10232 LOW POC Monitor

Use-after-free in Assimp's ASE File Parser - specifically the `aiNode::~aiNode` destructor in `scene.cpp` - allows a local, low-privileged attacker to corrupt heap memory, potentially causing denial of service or achieving arbitrary code execution in applications that load 3D model files. All Assimp versions through 6.0.4 are affected. A public proof-of-concept exploit (poc.zip) has been disclosed via GitHub, reducing the skill barrier for exploitation in environments where untrusted ASE-format files can be submitted for processing. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.

Use After Free Denial Of Service Memory Corruption Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10231 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. No public exploit identified at time of analysis as active exploitation, but a proof-of-concept has been publicly released, and the CVSS temporal vector confirms exploit code existence (E:P).

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10230 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (versions up to 6.0.4) allows a locally authenticated attacker with low privileges to corrupt heap memory via a crafted MDL animation file, producing low-severity but confirmed confidentiality, integrity, and availability impact. The vulnerability resides in the read_animations function of HL1MDLLoader.cpp and is reproducible with publicly available exploit code (POC). This is not confirmed in CISA KEV, and the Assimp project has tagged the report as a bug rather than a security defect, which may slow patch prioritization.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10229 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (HL1MDLLoader::read_meshes, versions through 6.0.4) allows local attackers with low privileges to trigger memory corruption when a crafted MDL file is processed, yielding partial confidentiality, integrity, and availability impact on the host process. A publicly available proof-of-concept exploit (poc.zip) has been disclosed, raising the urgency for affected deployments that ingest untrusted HL1 model files. No actively exploited status from CISA KEV has been confirmed; the Assimp project has tagged the report as a bug rather than a formal security advisory, and no patched release version has been identified at time of analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10200 LOW POC Monitor

Heap-based buffer overflow in Assimp's glTF 4x4 Matrix Parser (versions up to 6.0.4) can be triggered by a local, low-privileged attacker supplying crafted input to the `glTFCommon::CopyValue` function in `glTFCommon.h`, resulting in partial confidentiality, integrity, and availability impact. A public proof-of-concept exploit archive has been published on GitHub, confirmed by the CVSS temporal modifier E:P (proof-of-concept). No active exploitation has been confirmed (not in CISA KEV), and the CVSS remediation level RL:X indicates no official patch has been defined as of this analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10199 LOW POC PATCH Monitor

Null pointer dereference in Assimp's glTF2 importer (versions up to 6.0.4) allows a local low-privileged attacker to crash any application that processes attacker-supplied 3D model files via the library. The flaw resides in the `ImportAnimations()` function, where `glTF2::LazyDict::operator[]` is invoked with animation channel node indices that are never validated for validity before dereferencing, producing a CWE-476 null pointer dereference and denial-of-service. A public proof-of-concept exploit (poc.zip) has been disclosed and an upstream patch commit is available, though no active exploitation is confirmed by CISA KEV.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10198 LOW POC Monitor

Null pointer dereference in Assimp's glTF mesh importer (versions up to and including 6.0.4) allows a locally authenticated attacker with low privileges to crash any application that uses the library to process a crafted 3D model file. The flaw resides specifically in the Assimp::glTFImporter::ImportMeshes function within glTFImporter.cpp, meaning only applications that invoke the glTF import pipeline are exposed. A publicly available proof-of-concept exploit (poc.zip) has been released, though no active exploitation has been confirmed and the CVSS score of 3.3 (Low) reflects the constrained local-only, availability-only impact.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15538 LOW POC PATCH Monitor

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. [CVSS 5.3 MEDIUM]

Buffer Overflow Denial Of Service Assimp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11277 PyPI LOW POC Monitor

Heap-based buffer overflow in Assimp 6.0.2's Q3D file importer allows local authenticated users to cause memory corruption via crafted Q3D model files. The vulnerability affects the Q3DImporter::InternReadFile function and has publicly available exploit code, though real-world exploitation remains limited due to local access and low privilege requirement constraints. CVSS 1.9 reflects minimal confidentiality, integrity, and availability impact despite the presence of a public POC.

Buffer Overflow Assimp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11275 PyPI LOW POC Monitor

Heap-based buffer overflow in Open Asset Import Library Assimp 6.0.2 affects the ODDLParser::getNextSeparator function in OpenDDLParserUtils.h, allowing local attackers with low privileges to cause limited memory corruption. The vulnerability has a CVSS score of 1.9 with low confidentiality, integrity, and availability impact; however, publicly available exploit code exists and EPSS indicates minimal real-world exploitation probability (0.02% percentile 6%), suggesting this is a low-risk issue in practice despite the buffer overflow designation.

Buffer Overflow Assimp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11274 PyPI LOW POC Monitor

Assimp 6.0.2 Q3D file parser mishandles resource allocation in the Q3DImporter::InternReadFile function, causing denial of service through uncontrolled memory consumption when processing malformed Q3D model files. A local authenticated attacker can trigger excessive memory allocation by providing a specially crafted Q3D file, leading to process crash or system resource exhaustion. Publicly available exploit code exists, though CVSS 1.9 and EPSS 0.03% indicate minimal real-world exploitation risk.

Denial Of Service Assimp
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-5204 MEDIUM POC PATCH Monitor

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5203 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5202 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5201 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5200 MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5169 PyPI MEDIUM POC Monitor

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5168 PyPI MEDIUM POC Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5167 PyPI MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5166 PyPI MEDIUM POC Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-5165 PyPI MEDIUM POC Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3160 PyPI MEDIUM POC PATCH This Month

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3159 PyPI MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3158 PyPI MEDIUM POC PATCH Monitor

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3016 PyPI MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-3015 PyPI MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2757 PyPI MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2756 PyPI MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2755 PyPI MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2754 PyPI MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2753 PyPI MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2752 PyPI MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM File Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-2751 PyPI MEDIUM POC PATCH This Month

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-2750 PyPI MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-2592 PyPI MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2591 PyPI MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Assimp Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-53425 PyPI MEDIUM POC This Month

A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-48426 PyPI MEDIUM POC This Month

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-48425 PyPI MEDIUM POC This Month

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-48424 PyPI MEDIUM POC This Month

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-48423 PyPI HIGH POC This Week

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Assimp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-46632 PyPI MEDIUM POC This Month

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-45679 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Assimp
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-38528 MEDIUM POC This Month

Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in Assimp's CSM file handler (versions 6.0.0-6.0.5) allows a local low-privileged attacker to corrupt heap memory by supplying a crafted Character Studio Motion (CSM) file to any application that uses the library for asset import. The flaw exists in `Assimp::CSMImporter::InternReadFile` within `code/AssetLib/CSM/CSMLoader.cpp` and affects all Assimp 6.0.x releases confirmed by EUVD-2026-41601. No public exploit identified at time of analysis as a KEV entry, but a publicly available exploit code (poc.zip) exists, and the upstream patch commit is available though not yet confirmed in a tagged release.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Double-free heap corruption in Open Asset Import Library (Assimp) through version 6.0.4 allows remote low-privileged attackers to corrupt process memory by supplying a maliciously crafted PLY 3D model file to the ExportToBlob function in the PLY Model Handler. A publicly available proof-of-concept exploit was disclosed alongside the report. The CVSS 4.0 score of 5.3 (Medium) reflects limited confidentiality, integrity, and availability impact on the vulnerable system, though CWE-415 double-free conditions in C++ libraries carry latent potential for escalated impact depending on memory layout and heap state at runtime.

Information Disclosure Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Open Asset Import Library (Assimp) versions up to 5.4.3 allows a local attacker with low privileges to corrupt heap memory by supplying a crafted 3D model file with manipulated width or height values to the SceneCombiner::Copy function in code/Common/SceneCombiner.cpp. A public proof-of-concept exploit has been disclosed via GitHub issue #6079, elevating real-world risk despite the local-only attack vector. No confirmed patched release has been independently verified at time of analysis, and exploitation conditions require only low-privilege local access with no user interaction beyond loading the malicious file.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Out-of-bounds read in Assimp's Half-Life 1 MDL Loader affects all versions up to 6.0.4, enabling a local low-privileged attacker to leak memory contents by supplying a crafted MDL file that triggers faulty bounds handling in the `read_sequence_infos` function of `HL1MDLLoader.cpp`. Impact is confined to partial confidentiality loss (C:L) with no integrity or availability consequences per the CVSS vector. A publicly available proof-of-concept exploit exists (POC disclosed via GitHub), though no active exploitation has been confirmed and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Use-after-free in Assimp's ASE File Parser - specifically the `aiNode::~aiNode` destructor in `scene.cpp` - allows a local, low-privileged attacker to corrupt heap memory, potentially causing denial of service or achieving arbitrary code execution in applications that load 3D model files. All Assimp versions through 6.0.4 are affected. A public proof-of-concept exploit (poc.zip) has been disclosed via GitHub, reducing the skill barrier for exploitation in environments where untrusted ASE-format files can be submitted for processing. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.

Use After Free Denial Of Service Memory Corruption +1
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. No public exploit identified at time of analysis as active exploitation, but a proof-of-concept has been publicly released, and the CVSS temporal vector confirms exploit code existence (E:P).

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (versions up to 6.0.4) allows a locally authenticated attacker with low privileges to corrupt heap memory via a crafted MDL animation file, producing low-severity but confirmed confidentiality, integrity, and availability impact. The vulnerability resides in the read_animations function of HL1MDLLoader.cpp and is reproducible with publicly available exploit code (POC). This is not confirmed in CISA KEV, and the Assimp project has tagged the report as a bug rather than a security defect, which may slow patch prioritization.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (HL1MDLLoader::read_meshes, versions through 6.0.4) allows local attackers with low privileges to trigger memory corruption when a crafted MDL file is processed, yielding partial confidentiality, integrity, and availability impact on the host process. A publicly available proof-of-concept exploit (poc.zip) has been disclosed, raising the urgency for affected deployments that ingest untrusted HL1 model files. No actively exploited status from CISA KEV has been confirmed; the Assimp project has tagged the report as a bug rather than a formal security advisory, and no patched release version has been identified at time of analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's glTF 4x4 Matrix Parser (versions up to 6.0.4) can be triggered by a local, low-privileged attacker supplying crafted input to the `glTFCommon::CopyValue` function in `glTFCommon.h`, resulting in partial confidentiality, integrity, and availability impact. A public proof-of-concept exploit archive has been published on GitHub, confirmed by the CVSS temporal modifier E:P (proof-of-concept). No active exploitation has been confirmed (not in CISA KEV), and the CVSS remediation level RL:X indicates no official patch has been defined as of this analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Null pointer dereference in Assimp's glTF2 importer (versions up to 6.0.4) allows a local low-privileged attacker to crash any application that processes attacker-supplied 3D model files via the library. The flaw resides in the `ImportAnimations()` function, where `glTF2::LazyDict::operator[]` is invoked with animation channel node indices that are never validated for validity before dereferencing, producing a CWE-476 null pointer dereference and denial-of-service. A public proof-of-concept exploit (poc.zip) has been disclosed and an upstream patch commit is available, though no active exploitation is confirmed by CISA KEV.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Null pointer dereference in Assimp's glTF mesh importer (versions up to and including 6.0.4) allows a locally authenticated attacker with low privileges to crash any application that uses the library to process a crafted 3D model file. The flaw resides specifically in the Assimp::glTFImporter::ImportMeshes function within glTFImporter.cpp, meaning only applications that invoke the glTF import pipeline are exposed. A publicly available proof-of-concept exploit (poc.zip) has been released, though no active exploitation has been confirmed and the CVSS score of 3.3 (Low) reflects the constrained local-only, availability-only impact.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. [CVSS 5.3 MEDIUM]

Buffer Overflow Denial Of Service Assimp
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp 6.0.2's Q3D file importer allows local authenticated users to cause memory corruption via crafted Q3D model files. The vulnerability affects the Q3DImporter::InternReadFile function and has publicly available exploit code, though real-world exploitation remains limited due to local access and low privilege requirement constraints. CVSS 1.9 reflects minimal confidentiality, integrity, and availability impact despite the presence of a public POC.

Buffer Overflow Assimp
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Open Asset Import Library Assimp 6.0.2 affects the ODDLParser::getNextSeparator function in OpenDDLParserUtils.h, allowing local attackers with low privileges to cause limited memory corruption. The vulnerability has a CVSS score of 1.9 with low confidentiality, integrity, and availability impact; however, publicly available exploit code exists and EPSS indicates minimal real-world exploitation probability (0.02% percentile 6%), suggesting this is a low-risk issue in practice despite the buffer overflow designation.

Buffer Overflow Assimp
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Assimp 6.0.2 Q3D file parser mishandles resource allocation in the Q3DImporter::InternReadFile function, causing denial of service through uncontrolled memory consumption when processing malformed Q3D model files. A local authenticated attacker can trigger excessive memory allocation by providing a specially crafted Q3D file, leading to process crash or system resource exhaustion. Publicly available exploit code exists, though CVSS 1.9 and EPSS 0.03% indicate minimal real-world exploitation risk.

Denial Of Service Assimp
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.cpp. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM File Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Assimp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Assimp Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Assimp
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Assimp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy