openRuyi-tutorials/buildroot
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
buildroot/package/assimp
T
History
Titouan Christophe 3c312f149b package/assimp: security bump to v6.0.2 
For release notes since version 5.4.3, see:
https://github.com/assimp/assimp/releases

This fixes the following vulnerabilities:

- CVE-2025-2750:
    A vulnerability, which was classified as critical, was found in Open
    Asset Import Library Assimp 5.4.3. This affects the function
    Assimp::CSMImporter::InternReadFile of the file
    code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The
    manipulation leads to out-of-bounds write. It is possible to initiate
    the attack remotely. The exploit has been disclosed to the public and
    may be used.
    https://www.cve.org/CVERecord?id=CVE-2025-2750

- CVE-2025-2751:
    A vulnerability has been found in Open Asset Import Library Assimp
    5.4.3 and classified as problematic. This vulnerability affects the
    function Assimp::CSMImporter::InternReadFile of the file
    code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The
    manipulation of the argument na leads to out-of-bounds read. The
    attack can be initiated remotely. The exploit has been disclosed to
    the public and may be used.
    https://www.cve.org/CVERecord?id=CVE-2025-2751

- CVE-2025-2757:
    A vulnerability classified as critical was found in Open Asset Import
    Library Assimp 5.4.3. This vulnerability affects the function
    AI_MD5_PARSE_STRING_IN_QUOTATION of the file
    code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The
    manipulation of the argument data leads to heap-based buffer overflow.
    The attack can be initiated remotely. The exploit has been disclosed
    to the public and may be used.
    https://www.cve.org/CVERecord?id=CVE-2025-2757

- CVE-2025-3158:
    A vulnerability, which was classified as critical, has been found in
    Open Asset Import Library Assimp 5.4.3. Affected by this issue is the
    function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file
    code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler.
    The manipulation leads to heap-based buffer overflow. It is possible
    to launch the attack on the local host. The exploit has been disclosed
    to the public and may be used.
    https://www.cve.org/CVERecord?id=CVE-2025-3158

Also, drop local security patches that have been applied upstream

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
[Julien: add link to relase notes]
Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-07-19 15:46:10 +02:00
..
assimp.hash
package/assimp: security bump to v6.0.2
2025-07-19 15:46:10 +02:00
assimp.mk
package/assimp: security bump to v6.0.2
2025-07-19 15:46:10 +02:00
Config.in
package/assimp: needs gcc >= 7
2023-07-01 22:51:54 +02:00