{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-05T00:32:06Z",
  "bugzilla" : {
    "description" : "assimp: Open Asset Import Library Assimp OpenDDLParserUtils.h getNextSeparator heap-based overflow",
    "id" : "2401616",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401616"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used.", "A flaw was found in assimp. Processing a specially crafted input file can trigger a heap-based buffer overflow due to a parser error, causing a crash to the application linked to the library and resulting in a denial of service." ],
  "statement" : "To exploit this issue, an attacker needs to be able to process a specially crafted input file with the application linked to the assimp library. Additionally, this issue can cause an out-of-bounds read of only 1 byte, limiting the impact of this vulnerability, potentially resulting only in a denial of service. Due to these reasons, this flaw has been rated with a moderate severity.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "qt6-qtquick3d",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "qt5-qt3d",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-11275\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11275\nhttps://github.com/assimp/assimp/issues/6357\nhttps://vuldb.com/?id.327009\nhttps://vuldb.com/?submit.658675" ],
  "name" : "CVE-2025-11275",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}