Source: assimp Version: 6.0.2+ds-1 Severity: important Tags: security upstream Forwarded: https://github.com/assimp/assimp/issues/6258 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for assimp. CVE-2025-15538[0]: | A security vulnerability has been detected in Open Asset Import | Library Assimp up to 6.0.2. Affected by this vulnerability is the | function Assimp::LWOImporter::FindUVChannels of the file | /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation | leads to use after free. The attack needs to be performed locally. | The exploit has been disclosed publicly and may be used. This and | similar defects are tracked and handled via issue #6128. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-15538 https://www.cve.org/CVERecord?id=CVE-2025-15538 [1] https://github.com/assimp/assimp/issues/6258 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
