What is the severity of CVE-2025-3196?

CVE-2025-3196 is classified as a critical vulnerability.

How do I fix CVE-2025-3196?

To fix CVE-2025-3196, update to the latest version of Open Asset Import Library Assimp that addresses this vulnerability.

What component is affected by CVE-2025-3196?

CVE-2025-3196 affects the malformed file handler in the Assimp::MD2Importer::InternReadFile function.

What versions of Assimp are impacted by CVE-2025-3196?

CVE-2025-3196 specifically impacts version 5.4.3 of Open Asset Import Library Assimp.

What type of vulnerability is CVE-2025-3196?

CVE-2025-3196 is a vulnerability related to improper handling of malformed files.

Vulnerability/
CVE-2025-3196

medium

5.3

CWE

121 119

EPSS

0.014%

4/4/2025

7/4/2025

CVE-2025-3196: Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow

First published: Fri Apr 04 2025(Updated: )

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Credit: cna@vuldb.com

Affected Software	Affected Version	How to fix
Open Asset Import Library (Assimp)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-3196?
CVE-2025-3196 is classified as a critical vulnerability.
How do I fix CVE-2025-3196?
To fix CVE-2025-3196, update to the latest version of Open Asset Import Library Assimp that addresses this vulnerability.
What component is affected by CVE-2025-3196?
CVE-2025-3196 affects the malformed file handler in the Assimp::MD2Importer::InternReadFile function.
What versions of Assimp are impacted by CVE-2025-3196?
CVE-2025-3196 specifically impacts version 5.4.3 of Open Asset Import Library Assimp.
What type of vulnerability is CVE-2025-3196?
CVE-2025-3196 is a vulnerability related to improper handling of malformed files.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/references
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/severity
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/epss
agent/tags
vendor/open asset import library
canonical/open asset import library (assimp)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.