{"affected":[{"ecosystem_specific":{"binaries":[{"assimp-devel":"5.3.1-bp156.3.9.1","libassimp5":"5.3.1-bp156.3.9.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"assimp","purl":"pkg:rpm/suse/assimp&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.1-bp156.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"assimp-devel":"5.3.1-bp156.3.9.1","libassimp5":"5.3.1-bp156.3.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"assimp","purl":"pkg:rpm/opensuse/assimp&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.1-bp156.3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for assimp fixes the following issues:\n\n- CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)\n- CVE-2024-48423: Fixed an arbitrary code execution via CallbackToLogRedirector() (boo#1232322)\n- CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323)\n- CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633)\n- CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916)\n- CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412)\n- CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413)\n- CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)\n- CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine() (boo#1239220)\n","id":"openSUSE-SU-2025:0113-1","modified":"2025-04-02T16:31:31Z","published":"2025-04-02T16:31:31Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GUXUVZ7SBZK5ZFR45B223UXCWUMD4XQD/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232322"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232324"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233633"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239220"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239916"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239920"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240412"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240413"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-48423"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-48424"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-48425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-53425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-2151"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-2591"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-2592"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3015"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3016"}],"related":["CVE-2024-48423","CVE-2024-48424","CVE-2024-48425","CVE-2024-53425","CVE-2025-2151","CVE-2025-2591","CVE-2025-2592","CVE-2025-3015","CVE-2025-3016"],"summary":"Security update for assimp","upstream":["CVE-2024-48423","CVE-2024-48424","CVE-2024-48425","CVE-2024-53425","CVE-2025-2151","CVE-2025-2591","CVE-2025-2592","CVE-2025-3015","CVE-2025-3016"]}