CVE-2025-2591: Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 divide by zero
First published: Fri Mar 21 2025(Updated: )
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open Asset Import Library (Assimp) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://vuldb.com/?id.300574
- https://vuldb.com/?ctiid.300574
- https://vuldb.com/?submit.517781
- https://github.com/assimp/assimp/issues/6009
- https://github.com/assimp/assimp/pull/6047
- https://github.com/assimp/assimp/issues/6009#issue-2877367021
- https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd
Frequently Asked Questions
What is the severity of CVE-2025-2591?
CVE-2025-2591 is classified as problematic due to its potential impact on application stability.
What software is affected by CVE-2025-2591?
CVE-2025-2591 affects Open Asset Import Library Assimp version 5.4.3.
How do I fix CVE-2025-2591?
To fix CVE-2025-2591, update Open Asset Import Library Assimp to the latest version that resolves this vulnerability.
What component of Open Asset Import Library is vulnerable in CVE-2025-2591?
CVE-2025-2591 affects the function MDLImporter::InternReadFile_Quake1 in the file MDLLoader.cpp.
What kind of issue does CVE-2025-2591 introduce?
CVE-2025-2591 introduces a vulnerability that can lead to a divide error in the processing of skinwidth/skinheight parameters.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/open asset import library
- canonical/open asset import library (assimp)