{"url":"http://public2.vulnerablecode.io/api/packages/88472?format=json","purl":"pkg:deb/debian/assimp@5.2.5~ds0-1?distro=trixie","type":"deb","namespace":"debian","name":"assimp","version":"5.2.5~ds0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.3.1+ds-2","latest_non_vulnerable_version":"6.0.5+ds-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58807?format=json","vulnerability_id":"VCID-2769-cud9-hkcn","summary":"A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2690e354da0c681db000cfd892a55226788f2743. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2592.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2592.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2592","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21733","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21725","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21841","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21783","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21829","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2592"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2592"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102222","reference_id":"1102222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354071","reference_id":"2354071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354071"},{"reference_url":"https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743","reference_id":"2690e354da0c681db000cfd892a55226788f2743","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743"},{"reference_url":"https://github.com/assimp/assimp/issues/6010","reference_id":"6010","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://github.com/assimp/assimp/issues/6010"},{"reference_url":"https://github.com/assimp/assimp/issues/6010#issue-2877368110","reference_id":"6010#issue-2877368110","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://github.com/assimp/assimp/issues/6010#issue-2877368110"},{"reference_url":"https://github.com/assimp/assimp/pull/6052","reference_id":"6052","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://github.com/assimp/assimp/pull/6052"},{"reference_url":"https://vuldb.com/?ctiid.300575","reference_id":"?ctiid.300575","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://vuldb.com/?ctiid.300575"},{"reference_url":"https://vuldb.com/?id.300575","reference_id":"?id.300575","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://vuldb.com/?id.300575"},{"reference_url":"https://vuldb.com/?submit.517782","reference_id":"?submit.517782","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:25:53Z/"}],"url":"https://vuldb.com/?submit.517782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2592"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2769-cud9-hkcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36991?format=json","vulnerability_id":"VCID-37k7-tuwy-dyct","summary":"A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2152","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28678","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28615","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28608","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28641","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28719","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2152"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6027","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:23:55Z/"}],"url":"https://github.com/assimp/assimp/issues/6027"},{"reference_url":"https://github.com/assimp/assimp/issues/6027#issue-2877629241","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:23:55Z/"}],"url":"https://github.com/assimp/assimp/issues/6027#issue-2877629241"},{"reference_url":"https://vuldb.com/?ctiid.299063","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:23:55Z/"}],"url":"https://vuldb.com/?ctiid.299063"},{"reference_url":"https://vuldb.com/?id.299063","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:23:55Z/"}],"url":"https://vuldb.com/?id.299063"},{"reference_url":"https://vuldb.com/?submit.510818","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T14:23:55Z/"}],"url":"https://vuldb.com/?submit.510818"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100438","reference_id":"1100438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2152","PYSEC-2025-159"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37k7-tuwy-dyct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58804?format=json","vulnerability_id":"VCID-4tm6-dy3n-augf","summary":"Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40724","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29867","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29776","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29764","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29798","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.2983","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40724"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97","reference_id":"614911bb3b1bfc3a1799ae2b3cca306270f3fb97","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T14:51:24Z/"}],"url":"https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97"},{"reference_url":"https://jvn.jp/en/jp/JVN87710540/","reference_id":"JVN87710540","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T14:51:24Z/"}],"url":"https://jvn.jp/en/jp/JVN87710540/"},{"reference_url":"https://github.com/assimp/assimp/releases/tag/v5.4.2","reference_id":"v5.4.2","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T14:51:24Z/"}],"url":"https://github.com/assimp/assimp/releases/tag/v5.4.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88479?format=json","purl":"pkg:deb/debian/assimp@5.4.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88477?format=json","purl":"pkg:deb/debian/assimp@5.4.3%2Bds-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2769-cud9-hkcn"},{"vulnerability":"VCID-37k7-tuwy-dyct"},{"vulnerability":"VCID-4tm8-3wd9-dqf9"},{"vulnerability":"VCID-5tf3-by7a-f3at"},{"vulnerability":"VCID-5x44-jvd4-syhe"},{"vulnerability":"VCID-6x7b-64wc-33em"},{"vulnerability":"VCID-861s-k1uk-bqbx"},{"vulnerability":"VCID-8rpj-m2sm-eyf3"},{"vulnerability":"VCID-d6x7-b6gs-1fb1"},{"vulnerability":"VCID-djgx-f6hj-vqg2"},{"vulnerability":"VCID-du1h-yess-hbg5"},{"vulnerability":"VCID-fdr7-fg84-wfeq"},{"vulnerability":"VCID-g1qd-w5jb-cyf9"},{"vulnerability":"VCID-hj74-hb41-tqa6"},{"vulnerability":"VCID-j9xp-r2a3-s3b2"},{"vulnerability":"VCID-mbgu-qpfy-zqhn"},{"vulnerability":"VCID-prr7-2dq5-yue8"},{"vulnerability":"VCID-qc5z-gf33-n3fr"},{"vulnerability":"VCID-rjmg-96sd-cbec"},{"vulnerability":"VCID-spgf-2f8x-hugb"},{"vulnerability":"VCID-vd98-9xk6-nyah"},{"vulnerability":"VCID-wwrp-xbcf-q7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.3%252Bds-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2024-40724"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tm6-dy3n-augf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37016?format=json","vulnerability_id":"VCID-4tm8-3wd9-dqf9","summary":"A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2591","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10426","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10343","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10403","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10445","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10319","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2591"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6009","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://github.com/assimp/assimp/issues/6009"},{"reference_url":"https://github.com/assimp/assimp/issues/6009#issue-2877367021","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://github.com/assimp/assimp/issues/6009#issue-2877367021"},{"reference_url":"https://github.com/assimp/assimp/pull/6047","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://github.com/assimp/assimp/pull/6047"},{"reference_url":"https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd"},{"reference_url":"https://vuldb.com/?ctiid.300574","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://vuldb.com/?ctiid.300574"},{"reference_url":"https://vuldb.com/?id.300574","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://vuldb.com/?id.300574"},{"reference_url":"https://vuldb.com/?submit.517781","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:26:18Z/"}],"url":"https://vuldb.com/?submit.517781"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102221","reference_id":"1102221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102221"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2591","PYSEC-2025-160"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tm8-3wd9-dqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37038?format=json","vulnerability_id":"VCID-5tf3-by7a-f3at","summary":"A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3158.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3158","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18774","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18876","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18756","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18836","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3158"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6023","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:22:28Z/"}],"url":"https://github.com/assimp/assimp/issues/6023"},{"reference_url":"https://github.com/assimp/assimp/issues/6023#issue-2877381000","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:22:28Z/"}],"url":"https://github.com/assimp/assimp/issues/6023#issue-2877381000"},{"reference_url":"https://vuldb.com/?ctiid.303104","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:22:28Z/"}],"url":"https://vuldb.com/?ctiid.303104"},{"reference_url":"https://vuldb.com/?id.303104","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:22:28Z/"}],"url":"https://vuldb.com/?id.303104"},{"reference_url":"https://vuldb.com/?submit.542246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:22:28Z/"}],"url":"https://vuldb.com/?submit.542246"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102204","reference_id":"1102204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102204"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357196","reference_id":"2357196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12842","reference_id":"RHSA-2025:12842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15347","reference_id":"RHSA-2025:15347","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15407","reference_id":"RHSA-2025:15407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15463","reference_id":"RHSA-2025:15463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15463"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3158","PYSEC-2025-169"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tf3-by7a-f3at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37064?format=json","vulnerability_id":"VCID-5x44-jvd4-syhe","summary":"A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5165.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5165","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29242","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29298","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29229","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29263","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5165"},{"reference_url":"https://github.com/assimp/assimp/issues/6128","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:20:03Z/"}],"url":"https://github.com/assimp/assimp/issues/6128"},{"reference_url":"https://github.com/assimp/assimp/issues/6167","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:20:03Z/"}],"url":"https://github.com/assimp/assimp/issues/6167"},{"reference_url":"https://github.com/user-attachments/files/20204942/reproducer.zip","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:20:03Z/"}],"url":"https://github.com/user-attachments/files/20204942/reproducer.zip"},{"reference_url":"https://vuldb.com/?ctiid.310253","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:20:03Z/"}],"url":"https://vuldb.com/?ctiid.310253"},{"reference_url":"https://vuldb.com/?id.310253","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:20:03Z/"}],"url":"https://vuldb.com/?id.310253"},{"reference_url":"https://vuldb.com/?submit.578000","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:20:03Z/"}],"url":"https://vuldb.com/?submit.578000"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106591","reference_id":"1106591","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106591"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368517","reference_id":"2368517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368517"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88482?format=json","purl":"pkg:deb/debian/assimp@6.0.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5165","PYSEC-2025-172"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5x44-jvd4-syhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36905?format=json","vulnerability_id":"VCID-6x7b-64wc-33em","summary":"A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48425.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48425","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22733","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22826","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2278","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2273","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22841","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48425"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/5791","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T18:18:50Z/"}],"url":"https://github.com/assimp/assimp/issues/5791"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086044","reference_id":"1086044","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086044"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321631","reference_id":"2321631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321631"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2024-48425","PYSEC-2024-293"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x7b-64wc-33em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37065?format=json","vulnerability_id":"VCID-861s-k1uk-bqbx","summary":"A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5166.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5166","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29242","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29229","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29298","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29333","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29263","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5166"},{"reference_url":"https://github.com/assimp/assimp/issues/6128","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:19:55Z/"}],"url":"https://github.com/assimp/assimp/issues/6128"},{"reference_url":"https://github.com/assimp/assimp/issues/6168","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:19:55Z/"}],"url":"https://github.com/assimp/assimp/issues/6168"},{"reference_url":"https://github.com/user-attachments/files/20208318/reproducer.zip","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:19:55Z/"}],"url":"https://github.com/user-attachments/files/20208318/reproducer.zip"},{"reference_url":"https://vuldb.com/?ctiid.310254","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:19:55Z/"}],"url":"https://vuldb.com/?ctiid.310254"},{"reference_url":"https://vuldb.com/?id.310254","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:19:55Z/"}],"url":"https://vuldb.com/?id.310254"},{"reference_url":"https://vuldb.com/?submit.578001","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T14:19:55Z/"}],"url":"https://vuldb.com/?submit.578001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106592","reference_id":"1106592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368508","reference_id":"2368508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368508"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88482?format=json","purl":"pkg:deb/debian/assimp@6.0.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5166","PYSEC-2025-173"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-861s-k1uk-bqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37045?format=json","vulnerability_id":"VCID-8rpj-m2sm-eyf3","summary":"A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3549.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3549.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3549","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23317","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23207","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23258","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23203","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3549"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6070","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:41:34Z/"}],"url":"https://github.com/assimp/assimp/issues/6070"},{"reference_url":"https://github.com/user-attachments/files/19580481/Assimp_MD3Importer_ValidateSurfaceHeaderOffsets-hbo.zip","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:41:34Z/"}],"url":"https://github.com/user-attachments/files/19580481/Assimp_MD3Importer_ValidateSurfaceHeaderOffsets-hbo.zip"},{"reference_url":"https://vuldb.com/?ctiid.304590","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:41:34Z/"}],"url":"https://vuldb.com/?ctiid.304590"},{"reference_url":"https://vuldb.com/?id.304590","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:41:34Z/"}],"url":"https://vuldb.com/?id.304590"},{"reference_url":"https://vuldb.com/?submit.546414","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:41:34Z/"}],"url":"https://vuldb.com/?submit.546414"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103444","reference_id":"1103444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359377","reference_id":"2359377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88482?format=json","purl":"pkg:deb/debian/assimp@6.0.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3549","PYSEC-2025-171"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rpj-m2sm-eyf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58805?format=json","vulnerability_id":"VCID-bksb-5e47-rqh2","summary":"Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45679","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24876","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24994","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24982","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24926","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24869","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://jvn.jp/en/jp/JVN42386607/","reference_id":"JVN42386607","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:25:14Z/"}],"url":"https://jvn.jp/en/jp/JVN42386607/"},{"reference_url":"https://github.com/assimp/assimp/releases/tag/v5.4.3","reference_id":"v5.4.3","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T15:25:14Z/"}],"url":"https://github.com/assimp/assimp/releases/tag/v5.4.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88480?format=json","purl":"pkg:deb/debian/assimp@5.4.0%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.0%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88477?format=json","purl":"pkg:deb/debian/assimp@5.4.3%2Bds-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2769-cud9-hkcn"},{"vulnerability":"VCID-37k7-tuwy-dyct"},{"vulnerability":"VCID-4tm8-3wd9-dqf9"},{"vulnerability":"VCID-5tf3-by7a-f3at"},{"vulnerability":"VCID-5x44-jvd4-syhe"},{"vulnerability":"VCID-6x7b-64wc-33em"},{"vulnerability":"VCID-861s-k1uk-bqbx"},{"vulnerability":"VCID-8rpj-m2sm-eyf3"},{"vulnerability":"VCID-d6x7-b6gs-1fb1"},{"vulnerability":"VCID-djgx-f6hj-vqg2"},{"vulnerability":"VCID-du1h-yess-hbg5"},{"vulnerability":"VCID-fdr7-fg84-wfeq"},{"vulnerability":"VCID-g1qd-w5jb-cyf9"},{"vulnerability":"VCID-hj74-hb41-tqa6"},{"vulnerability":"VCID-j9xp-r2a3-s3b2"},{"vulnerability":"VCID-mbgu-qpfy-zqhn"},{"vulnerability":"VCID-prr7-2dq5-yue8"},{"vulnerability":"VCID-qc5z-gf33-n3fr"},{"vulnerability":"VCID-rjmg-96sd-cbec"},{"vulnerability":"VCID-spgf-2f8x-hugb"},{"vulnerability":"VCID-vd98-9xk6-nyah"},{"vulnerability":"VCID-wwrp-xbcf-q7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.3%252Bds-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2024-45679"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bksb-5e47-rqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37017?format=json","vulnerability_id":"VCID-d6x7-b6gs-1fb1","summary":"A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2750","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25222","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25125","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25114","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25172","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25238","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2750"},{"reference_url":"https://github.com/assimp/assimp/issues/6011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:36:47Z/"}],"url":"https://github.com/assimp/assimp/issues/6011"},{"reference_url":"https://github.com/assimp/assimp/issues/6011#issue-2877369004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:36:47Z/"}],"url":"https://github.com/assimp/assimp/issues/6011#issue-2877369004"},{"reference_url":"https://vuldb.com/?ctiid.300855","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:36:47Z/"}],"url":"https://vuldb.com/?ctiid.300855"},{"reference_url":"https://vuldb.com/?id.300855","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:36:47Z/"}],"url":"https://vuldb.com/?id.300855"},{"reference_url":"https://vuldb.com/?submit.517783","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:36:47Z/"}],"url":"https://vuldb.com/?submit.517783"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101496","reference_id":"1101496","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101496"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2750","PYSEC-2025-161"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6x7-b6gs-1fb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37018?format=json","vulnerability_id":"VCID-djgx-f6hj-vqg2","summary":"A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na leads to out-of-bounds read. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2751","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18946","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18855","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18834","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18907","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2751"},{"reference_url":"https://github.com/assimp/assimp/issues/6012","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:34:28Z/"}],"url":"https://github.com/assimp/assimp/issues/6012"},{"reference_url":"https://github.com/assimp/assimp/issues/6012#issue-2877369817","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:34:28Z/"}],"url":"https://github.com/assimp/assimp/issues/6012#issue-2877369817"},{"reference_url":"https://vuldb.com/?ctiid.300856","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:34:28Z/"}],"url":"https://vuldb.com/?ctiid.300856"},{"reference_url":"https://vuldb.com/?id.300856","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:34:28Z/"}],"url":"https://vuldb.com/?id.300856"},{"reference_url":"https://vuldb.com/?submit.517785","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T17:34:28Z/"}],"url":"https://vuldb.com/?submit.517785"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101495","reference_id":"1101495","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101495"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2751","PYSEC-2025-162"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djgx-f6hj-vqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58808?format=json","vulnerability_id":"VCID-du1h-yess-hbg5","summary":"A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3015","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33081","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33062","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33094","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33132","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33118","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3015"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102234","reference_id":"1102234","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102234"},{"reference_url":"https://github.com/assimp/assimp/issues/6021","reference_id":"6021","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://github.com/assimp/assimp/issues/6021"},{"reference_url":"https://github.com/assimp/assimp/issues/6021#issue-2877378829","reference_id":"6021#issue-2877378829","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://github.com/assimp/assimp/issues/6021#issue-2877378829"},{"reference_url":"https://github.com/assimp/assimp/pull/6045","reference_id":"6045","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://github.com/assimp/assimp/pull/6045"},{"reference_url":"https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe","reference_id":"7c705fde418d68cca4e8eff56be01b2617b0d6fe","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe"},{"reference_url":"https://vuldb.com/?ctiid.302067","reference_id":"?ctiid.302067","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://vuldb.com/?ctiid.302067"},{"reference_url":"https://vuldb.com/?id.302067","reference_id":"?id.302067","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://vuldb.com/?id.302067"},{"reference_url":"https://vuldb.com/?submit.524589","reference_id":"?submit.524589","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:20:52Z/"}],"url":"https://vuldb.com/?submit.524589"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3015"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du1h-yess-hbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58812?format=json","vulnerability_id":"VCID-fdr7-fg84-wfeq","summary":"A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3548.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3548.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3548","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11826","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11941","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11936","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11898","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11816","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103443","reference_id":"1103443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103443"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359372","reference_id":"2359372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359372"},{"reference_url":"https://github.com/assimp/assimp/issues/6068","reference_id":"6068","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:55:47Z/"}],"url":"https://github.com/assimp/assimp/issues/6068"},{"reference_url":"https://github.com/assimp/assimp/pull/6073","reference_id":"6073","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:55:47Z/"}],"url":"https://github.com/assimp/assimp/pull/6073"},{"reference_url":"https://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip","reference_id":"aiString_Set-hbo.zip","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:55:47Z/"}],"url":"https://github.com/user-attachments/files/19580584/aiString_Set-hbo.zip"},{"reference_url":"https://vuldb.com/?ctiid.304589","reference_id":"?ctiid.304589","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:55:47Z/"}],"url":"https://vuldb.com/?ctiid.304589"},{"reference_url":"https://vuldb.com/?id.304589","reference_id":"?id.304589","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:55:47Z/"}],"url":"https://vuldb.com/?id.304589"},{"reference_url":"https://vuldb.com/?submit.546413","reference_id":"?submit.546413","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:55:47Z/"}],"url":"https://vuldb.com/?submit.546413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3548"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdr7-fg84-wfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58810?format=json","vulnerability_id":"VCID-g1qd-w5jb-cyf9","summary":"A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3159.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3159","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12416","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12387","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12469","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12506","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12505","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3159"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102205","reference_id":"1102205","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357216","reference_id":"2357216","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357216"},{"reference_url":"https://github.com/assimp/assimp/issues/6024","reference_id":"6024","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://github.com/assimp/assimp/issues/6024"},{"reference_url":"https://github.com/assimp/assimp/issues/6024#issue-2877382033","reference_id":"6024#issue-2877382033","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://github.com/assimp/assimp/issues/6024#issue-2877382033"},{"reference_url":"https://github.com/assimp/assimp/pull/6051","reference_id":"6051","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://github.com/assimp/assimp/pull/6051"},{"reference_url":"https://vuldb.com/?ctiid.303105","reference_id":"?ctiid.303105","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://vuldb.com/?ctiid.303105"},{"reference_url":"https://github.com/tellypresence/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b","reference_id":"e8a6286542924e628e02749c4f5ac4f91fdae71b","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://github.com/tellypresence/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b"},{"reference_url":"https://vuldb.com/?id.303105","reference_id":"?id.303105","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://vuldb.com/?id.303105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12842","reference_id":"RHSA-2025:12842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15347","reference_id":"RHSA-2025:15347","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15407","reference_id":"RHSA-2025:15407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15463","reference_id":"RHSA-2025:15463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15463"},{"reference_url":"https://vuldb.com/?submit.542247","reference_id":"?submit.542247","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:40:59Z/"}],"url":"https://vuldb.com/?submit.542247"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3159"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1qd-w5jb-cyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36904?format=json","vulnerability_id":"VCID-hj74-hb41-tqa6","summary":"A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48424.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48424","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09666","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09715","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09689","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09631","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09696","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48424"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/5787","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T17:49:53Z/"}],"url":"https://github.com/assimp/assimp/issues/5787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086045","reference_id":"1086045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086045"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321628","reference_id":"2321628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2024-48424","PYSEC-2024-292"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj74-hb41-tqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58811?format=json","vulnerability_id":"VCID-j9xp-r2a3-s3b2","summary":"A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3160.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3160","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15711","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15693","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15829","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15778","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15819","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3160"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102206","reference_id":"1102206","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102206"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357217","reference_id":"2357217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357217"},{"reference_url":"https://github.com/assimp/assimp/issues/6025","reference_id":"6025","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://github.com/assimp/assimp/issues/6025"},{"reference_url":"https://github.com/assimp/assimp/issues/6025#issue-2877385383","reference_id":"6025#issue-2877385383","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://github.com/assimp/assimp/issues/6025#issue-2877385383"},{"reference_url":"https://github.com/assimp/assimp/pull/6049","reference_id":"6049","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://github.com/assimp/assimp/pull/6049"},{"reference_url":"https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0","reference_id":"a0993658f40d8e13ff5823990c30b43c82a5daf0","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0"},{"reference_url":"https://vuldb.com/?ctiid.303106","reference_id":"?ctiid.303106","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://vuldb.com/?ctiid.303106"},{"reference_url":"https://vuldb.com/?id.303106","reference_id":"?id.303106","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://vuldb.com/?id.303106"},{"reference_url":"https://vuldb.com/?submit.542248","reference_id":"?submit.542248","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:43:06Z/"}],"url":"https://vuldb.com/?submit.542248"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3160"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9xp-r2a3-s3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37132?format=json","vulnerability_id":"VCID-mbgu-qpfy-zqhn","summary":"A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11277.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11277","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10303","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.104","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10274","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1036","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10381","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6358","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T20:09:08Z/"}],"url":"https://github.com/assimp/assimp/issues/6358"},{"reference_url":"https://github.com/user-attachments/files/22422643/poc.zip","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T20:09:08Z/"}],"url":"https://github.com/user-attachments/files/22422643/poc.zip"},{"reference_url":"https://vuldb.com/?ctiid.327011","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T20:09:08Z/"}],"url":"https://vuldb.com/?ctiid.327011"},{"reference_url":"https://vuldb.com/?id.327011","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T20:09:08Z/"}],"url":"https://vuldb.com/?id.327011"},{"reference_url":"https://vuldb.com/?submit.658912","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T20:09:08Z/"}],"url":"https://vuldb.com/?submit.658912"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117693","reference_id":"1117693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117693"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401622","reference_id":"2401622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401622"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19911","reference_id":"RHSA-2025:19911","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19911"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20963","reference_id":"RHSA-2025:20963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22361","reference_id":"RHSA-2025:22361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22413","reference_id":"RHSA-2025:22413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22414","reference_id":"RHSA-2025:22414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22549","reference_id":"RHSA-2025:22549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22663","reference_id":"RHSA-2025:22663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22663"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88482?format=json","purl":"pkg:deb/debian/assimp@6.0.3%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.3%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-11277","PYSEC-2025-157"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgu-qpfy-zqhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37024?format=json","vulnerability_id":"VCID-prr7-2dq5-yue8","summary":"A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2757","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28678","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28615","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28608","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28641","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28719","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2757"},{"reference_url":"https://github.com/assimp/assimp/issues/6019","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:25:33Z/"}],"url":"https://github.com/assimp/assimp/issues/6019"},{"reference_url":"https://github.com/assimp/assimp/issues/6019#issue-2877376386","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:25:33Z/"}],"url":"https://github.com/assimp/assimp/issues/6019#issue-2877376386"},{"reference_url":"https://vuldb.com/?ctiid.300862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:25:33Z/"}],"url":"https://vuldb.com/?ctiid.300862"},{"reference_url":"https://vuldb.com/?id.300862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:25:33Z/"}],"url":"https://vuldb.com/?id.300862"},{"reference_url":"https://vuldb.com/?submit.517817","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:25:33Z/"}],"url":"https://vuldb.com/?submit.517817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102228","reference_id":"1102228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2757","PYSEC-2025-168"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prr7-2dq5-yue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36989?format=json","vulnerability_id":"VCID-qc5z-gf33-n3fr","summary":"A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2151","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4295","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42939","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42987","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42998","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42976","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6016","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T13:35:23Z/"}],"url":"https://github.com/assimp/assimp/issues/6016"},{"reference_url":"https://github.com/assimp/assimp/issues/6026","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T13:35:23Z/"}],"url":"https://github.com/assimp/assimp/issues/6026"},{"reference_url":"https://github.com/sae-as-me/Crashes/raw/refs/heads/main/assimp/assimp_crash_1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T13:35:23Z/"}],"url":"https://github.com/sae-as-me/Crashes/raw/refs/heads/main/assimp/assimp_crash_1"},{"reference_url":"https://vuldb.com/?ctiid.299062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T13:35:23Z/"}],"url":"https://vuldb.com/?ctiid.299062"},{"reference_url":"https://vuldb.com/?id.299062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T13:35:23Z/"}],"url":"https://vuldb.com/?id.299062"},{"reference_url":"https://vuldb.com/?submit.510582","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T13:35:23Z/"}],"url":"https://vuldb.com/?submit.510582"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100439","reference_id":"1100439","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100439"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2151","PYSEC-2025-158"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc5z-gf33-n3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36903?format=json","vulnerability_id":"VCID-rjmg-96sd-cbec","summary":"An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48423.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48423","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19377","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19423","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19352","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19465","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/5788","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/assimp/assimp/issues/5788"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086046","reference_id":"1086046","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086046"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321643","reference_id":"2321643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2024-48423","PYSEC-2024-120"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjmg-96sd-cbec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37039?format=json","vulnerability_id":"VCID-spgf-2f8x-hugb","summary":"A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3196.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3196","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12569","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12539","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12655","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1262","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12651","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3196"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/6069","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:36:56Z/"}],"url":"https://github.com/assimp/assimp/issues/6069"},{"reference_url":"https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:36:56Z/"}],"url":"https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425"},{"reference_url":"https://github.com/assimp/assimp/milestone/11","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:36:56Z/"}],"url":"https://github.com/assimp/assimp/milestone/11"},{"reference_url":"https://vuldb.com/?ctiid.303150","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:36:56Z/"}],"url":"https://vuldb.com/?ctiid.303150"},{"reference_url":"https://vuldb.com/?id.303150","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:36:56Z/"}],"url":"https://vuldb.com/?id.303150"},{"reference_url":"https://vuldb.com/?submit.545368","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T14:36:56Z/"}],"url":"https://vuldb.com/?submit.545368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102207","reference_id":"1102207","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102207"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357356","reference_id":"2357356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357356"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3196","PYSEC-2025-170"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spgf-2f8x-hugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36938?format=json","vulnerability_id":"VCID-vd98-9xk6-nyah","summary":"A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53425.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53425","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03852","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03868","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03855","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03832","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53425"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/assimp/assimp/issues/5860","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T17:51:37Z/"}],"url":"https://github.com/assimp/assimp/issues/5860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088187","reference_id":"1088187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327803","reference_id":"2327803","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327803"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2024-53425","PYSEC-2024-295"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vd98-9xk6-nyah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58809?format=json","vulnerability_id":"VCID-wwrp-xbcf-q7ff","summary":"A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3016","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25951","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25845","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25841","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25898","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25943","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102235","reference_id":"1102235","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102235"},{"reference_url":"https://github.com/assimp/assimp/commit/5d2a7482312db2e866439a8c05a07ce1e718bed1","reference_id":"5d2a7482312db2e866439a8c05a07ce1e718bed1","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:19:23Z/"}],"url":"https://github.com/assimp/assimp/commit/5d2a7482312db2e866439a8c05a07ce1e718bed1"},{"reference_url":"https://github.com/assimp/assimp/issues/6022","reference_id":"6022","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:19:23Z/"}],"url":"https://github.com/assimp/assimp/issues/6022"},{"reference_url":"https://github.com/assimp/assimp/pull/6046","reference_id":"6046","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:19:23Z/"}],"url":"https://github.com/assimp/assimp/pull/6046"},{"reference_url":"https://vuldb.com/?ctiid.302068","reference_id":"?ctiid.302068","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:19:23Z/"}],"url":"https://vuldb.com/?ctiid.302068"},{"reference_url":"https://vuldb.com/?id.302068","reference_id":"?id.302068","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:19:23Z/"}],"url":"https://vuldb.com/?id.302068"},{"reference_url":"https://vuldb.com/?submit.524593","reference_id":"?submit.524593","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T21:19:23Z/"}],"url":"https://vuldb.com/?submit.524593"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88481?format=json","purl":"pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2025-3016"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwrp-xbcf-q7ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36358?format=json","vulnerability_id":"VCID-zwgq-5655-8uhv","summary":"An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45748","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54943","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54885","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54924","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54944","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54952","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45748"},{"reference_url":"https://github.com/assimp/assimp/issues/4286","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-03T15:24:21Z/"}],"url":"https://github.com/assimp/assimp/issues/4286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029833","reference_id":"1029833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029833"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45748","reference_id":"CVE-2022-45748","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45748"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88478?format=json","purl":"pkg:deb/debian/assimp@5.3.1%2Bds-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.3.1%252Bds-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88477?format=json","purl":"pkg:deb/debian/assimp@5.4.3%2Bds-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2769-cud9-hkcn"},{"vulnerability":"VCID-37k7-tuwy-dyct"},{"vulnerability":"VCID-4tm8-3wd9-dqf9"},{"vulnerability":"VCID-5tf3-by7a-f3at"},{"vulnerability":"VCID-5x44-jvd4-syhe"},{"vulnerability":"VCID-6x7b-64wc-33em"},{"vulnerability":"VCID-861s-k1uk-bqbx"},{"vulnerability":"VCID-8rpj-m2sm-eyf3"},{"vulnerability":"VCID-d6x7-b6gs-1fb1"},{"vulnerability":"VCID-djgx-f6hj-vqg2"},{"vulnerability":"VCID-du1h-yess-hbg5"},{"vulnerability":"VCID-fdr7-fg84-wfeq"},{"vulnerability":"VCID-g1qd-w5jb-cyf9"},{"vulnerability":"VCID-hj74-hb41-tqa6"},{"vulnerability":"VCID-j9xp-r2a3-s3b2"},{"vulnerability":"VCID-mbgu-qpfy-zqhn"},{"vulnerability":"VCID-prr7-2dq5-yue8"},{"vulnerability":"VCID-qc5z-gf33-n3fr"},{"vulnerability":"VCID-rjmg-96sd-cbec"},{"vulnerability":"VCID-spgf-2f8x-hugb"},{"vulnerability":"VCID-vd98-9xk6-nyah"},{"vulnerability":"VCID-wwrp-xbcf-q7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.3%252Bds-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2022-45748","PYSEC-2023-290"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwgq-5655-8uhv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35943?format=json","vulnerability_id":"VCID-rt1t-abqu-ryhh","summary":"Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45948","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43394","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43443","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4342","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43385","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43361","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43434","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45948"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416"},{"reference_url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202210-01","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://security.gentoo.org/glsa/202210-01"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45948","reference_id":"CVE-2021-45948","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45948"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88475?format=json","purl":"pkg:deb/debian/assimp@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88474?format=json","purl":"pkg:deb/debian/assimp@5.0.1~ds0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2769-cud9-hkcn"},{"vulnerability":"VCID-37k7-tuwy-dyct"},{"vulnerability":"VCID-4tm6-dy3n-augf"},{"vulnerability":"VCID-4tm8-3wd9-dqf9"},{"vulnerability":"VCID-5tf3-by7a-f3at"},{"vulnerability":"VCID-5x44-jvd4-syhe"},{"vulnerability":"VCID-6x7b-64wc-33em"},{"vulnerability":"VCID-861s-k1uk-bqbx"},{"vulnerability":"VCID-8rpj-m2sm-eyf3"},{"vulnerability":"VCID-bksb-5e47-rqh2"},{"vulnerability":"VCID-d6x7-b6gs-1fb1"},{"vulnerability":"VCID-djgx-f6hj-vqg2"},{"vulnerability":"VCID-du1h-yess-hbg5"},{"vulnerability":"VCID-fdr7-fg84-wfeq"},{"vulnerability":"VCID-g1qd-w5jb-cyf9"},{"vulnerability":"VCID-hj74-hb41-tqa6"},{"vulnerability":"VCID-j9xp-r2a3-s3b2"},{"vulnerability":"VCID-mbgu-qpfy-zqhn"},{"vulnerability":"VCID-prr7-2dq5-yue8"},{"vulnerability":"VCID-qc5z-gf33-n3fr"},{"vulnerability":"VCID-rjmg-96sd-cbec"},{"vulnerability":"VCID-spgf-2f8x-hugb"},{"vulnerability":"VCID-vd98-9xk6-nyah"},{"vulnerability":"VCID-wwrp-xbcf-q7ff"},{"vulnerability":"VCID-zwgq-5655-8uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.0.1~ds0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88473?format=json","purl":"pkg:deb/debian/assimp@5.1.1~ds0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.1.1~ds0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88472?format=json","purl":"pkg:deb/debian/assimp@5.2.5~ds0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2769-cud9-hkcn"},{"vulnerability":"VCID-37k7-tuwy-dyct"},{"vulnerability":"VCID-4tm6-dy3n-augf"},{"vulnerability":"VCID-4tm8-3wd9-dqf9"},{"vulnerability":"VCID-5tf3-by7a-f3at"},{"vulnerability":"VCID-5x44-jvd4-syhe"},{"vulnerability":"VCID-6x7b-64wc-33em"},{"vulnerability":"VCID-861s-k1uk-bqbx"},{"vulnerability":"VCID-8rpj-m2sm-eyf3"},{"vulnerability":"VCID-bksb-5e47-rqh2"},{"vulnerability":"VCID-d6x7-b6gs-1fb1"},{"vulnerability":"VCID-djgx-f6hj-vqg2"},{"vulnerability":"VCID-du1h-yess-hbg5"},{"vulnerability":"VCID-fdr7-fg84-wfeq"},{"vulnerability":"VCID-g1qd-w5jb-cyf9"},{"vulnerability":"VCID-hj74-hb41-tqa6"},{"vulnerability":"VCID-j9xp-r2a3-s3b2"},{"vulnerability":"VCID-mbgu-qpfy-zqhn"},{"vulnerability":"VCID-prr7-2dq5-yue8"},{"vulnerability":"VCID-qc5z-gf33-n3fr"},{"vulnerability":"VCID-rjmg-96sd-cbec"},{"vulnerability":"VCID-spgf-2f8x-hugb"},{"vulnerability":"VCID-vd98-9xk6-nyah"},{"vulnerability":"VCID-wwrp-xbcf-q7ff"},{"vulnerability":"VCID-zwgq-5655-8uhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.2.5~ds0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88477?format=json","purl":"pkg:deb/debian/assimp@5.4.3%2Bds-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2769-cud9-hkcn"},{"vulnerability":"VCID-37k7-tuwy-dyct"},{"vulnerability":"VCID-4tm8-3wd9-dqf9"},{"vulnerability":"VCID-5tf3-by7a-f3at"},{"vulnerability":"VCID-5x44-jvd4-syhe"},{"vulnerability":"VCID-6x7b-64wc-33em"},{"vulnerability":"VCID-861s-k1uk-bqbx"},{"vulnerability":"VCID-8rpj-m2sm-eyf3"},{"vulnerability":"VCID-d6x7-b6gs-1fb1"},{"vulnerability":"VCID-djgx-f6hj-vqg2"},{"vulnerability":"VCID-du1h-yess-hbg5"},{"vulnerability":"VCID-fdr7-fg84-wfeq"},{"vulnerability":"VCID-g1qd-w5jb-cyf9"},{"vulnerability":"VCID-hj74-hb41-tqa6"},{"vulnerability":"VCID-j9xp-r2a3-s3b2"},{"vulnerability":"VCID-mbgu-qpfy-zqhn"},{"vulnerability":"VCID-prr7-2dq5-yue8"},{"vulnerability":"VCID-qc5z-gf33-n3fr"},{"vulnerability":"VCID-rjmg-96sd-cbec"},{"vulnerability":"VCID-spgf-2f8x-hugb"},{"vulnerability":"VCID-vd98-9xk6-nyah"},{"vulnerability":"VCID-wwrp-xbcf-q7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.3%252Bds-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88476?format=json","purl":"pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie"}],"aliases":["CVE-2021-45948","PYSEC-2022-43148"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rt1t-abqu-ryhh"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.2.5~ds0-1%3Fdistro=trixie"}