OSV-2025-280

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2025-280.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-280
Published
2025-04-15T00:04:03.423453Z
Modified
2025-12-09T14:21:06.535503Z
Summary
Heap-buffer-overflow in Assimp::SceneCombiner::CopyScene
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=410393968

Crash type: Heap-buffer-overflow READ {*}
Crash state:
Assimp::SceneCombiner::CopyScene
Assimp::Exporter::Export
Assimp::Exporter::ExportToBlob
References

Affected packages

OSS-Fuzz / assimp

Package

Name
assimp
Purl
pkg:generic/assimp

Affected ranges

Type
GIT
Repo
https://github.com/assimp/assimp.git
Events
Introduced
9d6b32f5c5118e67e99d4be3087f49ad0b7660de

Affected versions

Other

master

v5.*

v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v5.4.3

v6.*

v6.0.0
v6.0.1
v6.0.2

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range

"41102eeda6aa1461a5f4a52a743b2a4133732f9c:0c4d5909f8ca1931f3ca5c66ab5f0c37ea2efc2e"