Vulnerability Description
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Assimp | Assimp | < 5.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/assimp/assimp/issues/6128Issue Tracking
- https://github.com/assimp/assimp/issues/6172ExploitIssue Tracking
- https://github.com/user-attachments/files/20208985/line-452-reproducer.zipExploit
- https://vuldb.com/?ctiid.310289Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.310289Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.578005Third Party AdvisoryVDB Entry
- https://github.com/assimp/assimp/issues/6172ExploitIssue Tracking
FAQ
What is CVE-2025-5200?
CVE-2025-5200 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/M...
How severe is CVE-2025-5200?
CVE-2025-5200 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5200?
Check the references section above for vendor advisories and patch information. Affected products include: Assimp Assimp.