CVE-2025-15666
Received - Intake

Heap-based Buffer Overflow in Open Asset Import Library Assimp

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: VulDB

Description

A security vulnerability has been detected in Open Asset Import Library (Assimp) up to 5.4.3. The affected code is the function Assimp::SceneCombiner::Copy in the file code/Common/SceneCombiner.cpp of the Model File Handler component. Manipulating the width/height argument leads to a heap-based buffer overflow. The attack requires local access. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: assimp
Product: open_asset_import_library
Version / Range: up to 5.4.3 (inclusive)

Exploitability

CWE ID: Description

CWE-119: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-122: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Executive Summary

CVE-2025-15666 is a heap-based buffer overflow vulnerability in the Open Asset Import Library (Assimp) up to version 5.4.3.

The vulnerability exists in the function Assimp::SceneCombiner::Copy located in the file code/Common/SceneCombiner.cpp. It occurs because the function does not properly validate memory boundaries before performing a memcpy operation, which leads to out-of-bounds memory access.

This flaw can be triggered by processing malformed input files, causing crashes or other unintended behavior.

Impact Analysis

Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a denial of service (DoS) by crashing the application.

Since the attack must be approached locally, an attacker needs local access to the system to exploit this issue.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal behavior in applications that use Assimp versions up to 5.4.3 when they process model files. Because the flaw is triggered by malformed input files that cause a heap-based buffer overflow in the Assimp::SceneCombiner::Copy function, fuzzing techniques or specialized input validation tools can help identify the issue.

No network-based detection applies, as the attack must be approached locally and involves the processing of local files.

To catch potential exploitation or crashes, run the vulnerable application under a debugger or under a memory error detection tool such as AddressSanitizer or Valgrind, which report out-of-bounds memory accesses during file processing.

Mitigation Strategies

Immediate mitigation steps include updating the Assimp library to a version later than 5.4.3 where this vulnerability is fixed.

Until an update is applied, avoid processing untrusted or malformed model files with the vulnerable Assimp version to prevent triggering the heap-based buffer overflow.

Additionally, running applications with least privilege and employing memory protection tools can reduce the impact of potential exploitation.
