PYSEC-2025-170

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pyassimp/PYSEC-2025-170.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2025-170

Aliases

CVE-2025-3196

Published

2025-04-04T02:15:18.627Z

Modified

2026-05-20T18:24:50.888516750Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

References

Affected packages

PyPI / pyassimp

Package

Name: pyassimp; View open source insights on deps.dev
Purl: pkg:pypi/pyassimp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

None

None

Affected versions

0.*

0.1

3.*

3.3

4.*

4.1.1

4.1.2

4.1.3

4.1.4

5.*

5.2.5

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pyassimp/PYSEC-2025-170.yaml"