openSUSE-SU-2025:0113-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:0113-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2025:0113-1
- Upstream
- Related
- Published
- 2025-04-02T16:31:31Z
- Modified
- 2025-04-03T15:45:43.742454Z
- Summary
- Security update for assimp
- Details
-
This update for assimp fixes the following issues:
- CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)
- CVE-2024-48423: Fixed a arbitrary code execution via CallbackToLogRedirector() (boo#1232322)
- CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323)
- CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633)
- CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916)
- CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412)
- CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413)
- CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)
- CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine() (boo#1239220)
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GUXUVZ7SBZK5ZFR45B223UXCWUMD4XQD/
- https://bugzilla.suse.com/1232322
- https://bugzilla.suse.com/1232323
- https://bugzilla.suse.com/1232324
- https://bugzilla.suse.com/1233633
- https://bugzilla.suse.com/1239220
- https://bugzilla.suse.com/1239916
- https://bugzilla.suse.com/1239920
- https://bugzilla.suse.com/1240412
- https://bugzilla.suse.com/1240413
- https://www.suse.com/security/cve/CVE-2024-48423
- https://www.suse.com/security/cve/CVE-2024-48424
- https://www.suse.com/security/cve/CVE-2024-48425
- https://www.suse.com/security/cve/CVE-2024-53425
- https://www.suse.com/security/cve/CVE-2025-2151
- https://www.suse.com/security/cve/CVE-2025-2591
- https://www.suse.com/security/cve/CVE-2025-2592
- https://www.suse.com/security/cve/CVE-2025-3015
- https://www.suse.com/security/cve/CVE-2025-3016
Affected packages
SUSE:Package Hub 15 SP6 / assimp
Package
- Name
- assimp
- Purl
- pkg:rpm/suse/assimp&distro=SUSE%20Package%20Hub%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.3.1-bp156.3.9.1
openSUSE:Leap 15.6 / assimp
Package
- Name
- assimp
- Purl
- pkg:rpm/opensuse/assimp&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.3.1-bp156.3.9.1