CVE-2025-5168 | Open Asset Import Library Assimp 5.4.3 MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 iIndex out-of-bounds (Issue 6170)

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read.

This vulnerability is handled as CVE-2025-5168. An attack has to be approached locally. Furthermore, there is an exploit available.

The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

CVE-2025-5168 | Open Asset Import Library Assimp 5.4.3 MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 iIndex out-of-bounds (Issue 6170)

Post correlati

CVE-2024-31812 | Totolink EX200 4.0.3c.7646_B20201211 getWiFiExtenderConfig information disclosure

CVE-2024-6748 | Zoho ManageEngine OpManager up to 128317 URL Monitoring sql injection

CVE-2024-6173 | Axis Communications AB AXIS OS up to 11.10 Guard Tour VAPIX API denial of service

CVE-2024-42467 | openhab-webui up to 4.2.0 server-side request forgery (GHSA-v7gr-mqpj-wwh3)