SUSE Package Hub - SUSE-PackageHub-16.0-787

Update Info

SUSE-PackageHub-16.0-787

Security update for assimp

Type: security

Severity: important

Issued: 2026-05-19

Description:

This update for assimp fixes the following issues

- CVE-2025-2151: vulnerability affects the function Assimp: GetNextLine in the library ParsingUtils.h (bsc#1239220).
- CVE-2025-2591: division by zero in code/AssetLib/MDL/MDLLoader.cpp (bsc#1239920).
- CVE-2025-2592: heap-based buffer overflow in Assimp: CSMImporter: InternReadFile of code/AssetLib/CSM/CSMLoader.cpp
  (bsc#1239916).
- CVE-2025-3015: manipulation of the argument mIndices leads to out-of-bounds read (bsc#1240412).
- CVE-2025-3548: processing of malformed files may leads to an out-of-bounds read and potential application crash
  (bsc#1241367).

References

CVE: CVE-2025-3548
CVE: CVE-2025-3015
CVE: CVE-2025-2592
CVE: CVE-2025-2591
CVE: CVE-2025-2151
Bugzilla: 1241367 VUL-0: CVE-2025-3548: assimp: assimp: processing of malformed files may leads to an out-of-bounds read and potential application crash.
Bugzilla: 1240412 VUL-0: CVE-2025-3015: assimp: manipulation of the argument mIndices leads to out-of-bounds read
Bugzilla: 1239920 VUL-0: CVE-2025-2591: assimp: assimp: division by zero in code/AssetLib/MDL/MDLLoader.cpp
Bugzilla: 1239916 VUL-0: CVE-2025-2592: assimp: assimp: heap-based buffer overflow in Assimp::CSMImporter::InternReadFile of code/AssetLib/CSM/CSMLoader.cpp
Bugzilla: 1239220 VUL-0: CVE-2025-2151: assimp: vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h

Packages

assimp-5.4.3-160000.3.1