PYSEC-2025-176

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pyassimp/PYSEC-2025-176.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-176
Aliases
Published
2025-05-26T05:15:19.387Z
Modified
2026-05-21T15:00:28.937168923Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

References

Affected packages

PyPI / pyassimp

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.4.3

Affected versions

0.*
0.1
3.*
3.3
4.*
4.1.1
4.1.2
4.1.3
4.1.4
5.*
5.2.5

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pyassimp/PYSEC-2025-176.yaml"