{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-05T00:02:07Z",
  "bugzilla" : {
    "description" : "assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile allocation of resources",
    "id" : "2401615",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401615"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-770",
  "details" : [ "A vulnerability was found in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Manipulation of the input file causes allocation of resources without limits. The attack is restricted to local execution. The exploit has been publicly disclosed and may be used.", "A flaw was found in the assimp library. Processing a specially crafted input file can trigger an unlimited memory allocation due to missing input validation, crashing the application linked to the library and resulting in a denial of service." ],
  "statement" : "To exploit this issue, an attacker needs to get an application linked to the assimp library to process a specially crafted input file. Additionally, the only security impact of this vulnerability is a denial of service. For these reasons, this flaw has been rated with a moderate severity.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "qt6-qtquick3d",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "qt5-qt3d",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-11274\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11274\nhttps://github.com/assimp/assimp/issues/6356\nhttps://vuldb.com/?id.327008\nhttps://vuldb.com/?submit.658075" ],
  "name" : "CVE-2025-11274",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}