openSUSE-SU-2025:0113-1

CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)
CVE-2024-48423: Fixed a arbitrary code execution via CallbackToLogRedirector() (boo#1232322)
CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323)
CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633)
CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916)
CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412)
CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413)
CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)
CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine() (boo#1239220)

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.1-bp156.3.9.1

{
    "binaries": [
        {
            "assimp-devel": "5.3.1-bp156.3.9.1",
            "libassimp5": "5.3.1-bp156.3.9.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.1-bp156.3.9.1

{
    "binaries": [
        {
            "assimp-devel": "5.3.1-bp156.3.9.1",
            "libassimp5": "5.3.1-bp156.3.9.1"
        }
    ]
}