UBUNTU-CVE-2025-15538
- Source
- https://ubuntu.com/security/CVE-2025-15538
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-15538.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-15538
- Upstream
- Published
- 2026-01-18T23:15:00Z
- Modified
- 2026-02-12T14:33:52.934545Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
- References
Affected packages
Ubuntu:16.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp@3.2~dfsg-3?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.2~dfsg-3",
"binary_name": "assimp-utils"
},
{
"binary_version": "3.2~dfsg-3",
"binary_name": "libassimp-dev"
},
{
"binary_version": "3.2~dfsg-3",
"binary_name": "libassimp3v5"
},
{
"binary_version": "3.2~dfsg-3",
"binary_name": "python-pyassimp"
}
]
}Ubuntu:18.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp@4.1.0~dfsg-3?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.3.1~dfsg-5
3.3.1~dfsg-5ubuntu1
3.3.1~dfsg-5+build1
4.*
4.0.1~dfsg-1~exp2
4.0.1~dfsg-1
4.1.0~dfsg-1
4.1.0~dfsg-2
4.1.0~dfsg-3
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "assimp-utils"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "libassimp-dev"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "libassimp4"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "python-pyassimp"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:20.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp@5.0.1~ds0-1build1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "libassimp-dev"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "libassimp5"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:22.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp@5.2.2~ds0-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.0.1~ds0-2
5.0.1~ds0-3ubuntu1
5.1.4~ds0-1
5.1.5~ds0-1
5.1.6~ds0-1
5.2.0~ds0-2
5.2.1~ds0-1
5.2.2~ds0-1
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "libassimp-dev"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "libassimp5"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:24.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp@5.3.1+ds-2build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "libassimp-dev"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "libassimp5"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:25.10
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp@5.4.3+ds-2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.4.3+ds-2",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "libassimp-dev"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "libassimp5"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "python3-pyassimp"
}
]
}