CVE-2025-11275
Public on 2025-10-05
Modified on 2026-05-14
Description
A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | qt5-qt3d | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |