CVE-2025-11274
Public on 2025-10-05
Modified on 2026-05-14
Description
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | qt5-qt3d | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |