Medium severity5.3NVD Advisory· Published Oct 5, 2025· Updated Apr 29, 2026
CVE-2025-11277
CVE-2025-11277
Description
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:rpm/almalinux/qt5-qt3dpkg:rpm/almalinux/qt5-qt3d-develpkg:rpm/almalinux/qt5-qt3d-examplespkg:rpm/almalinux/qt6-qtquick3dpkg:rpm/almalinux/qt6-qtquick3d-develpkg:rpm/almalinux/qt6-qtquick3d-examplespkg:rpm/opensuse/assimp&distro=openSUSE%20Tumbleweed
< 5.15.9-2.el9_7.1+ 6 more
- (no CPE)range: < 5.15.9-2.el9_7.1
- (no CPE)range: < 5.15.9-2.el9_7.1
- (no CPE)range: < 5.15.9-2.el9_7.1
- (no CPE)range: < 6.9.1-1.el10_1.1
- (no CPE)range: < 6.9.1-1.el10_1.1
- (no CPE)range: < 6.9.1-1.el10_1.1
- (no CPE)range: < 6.0.5-3.1
Patches
Vulnerability mechanics
References
4- github.com/assimp/assimp/issues/6358nvdExploitIssue Tracking
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.