An update for assimp is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1080 Final 1.0 1.0 2026-01-16 Initial 2026-01-16 2026-01-16 openEuler SA Tool V1.0 2026-01-16 assimp security update An update for assimp is now available for openEuler-24.03-LTS-SP3 Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fix(es): A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited.(CVE-2025-11277) A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.(CVE-2025-2152) A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.(CVE-2025-2591) An update for assimp is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical assimp https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1080 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11277 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2152 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2591 https://nvd.nist.gov/vuln/detail/CVE-2025-11277 https://nvd.nist.gov/vuln/detail/CVE-2025-2152 https://nvd.nist.gov/vuln/detail/CVE-2025-2591 openEuler-24.03-LTS-SP3 assimp-5.3.1-11.oe2403sp3.aarch64.rpm assimp-debuginfo-5.3.1-11.oe2403sp3.aarch64.rpm assimp-debugsource-5.3.1-11.oe2403sp3.aarch64.rpm assimp-devel-5.3.1-11.oe2403sp3.aarch64.rpm assimp-5.3.1-11.oe2403sp3.src.rpm assimp-5.3.1-11.oe2403sp3.x86_64.rpm assimp-debuginfo-5.3.1-11.oe2403sp3.x86_64.rpm assimp-debugsource-5.3.1-11.oe2403sp3.x86_64.rpm assimp-devel-5.3.1-11.oe2403sp3.x86_64.rpm assimp-help-5.3.1-11.oe2403sp3.noarch.rpm python3-assimp-5.3.1-11.oe2403sp3.noarch.rpm A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. 2026-01-16 CVE-2025-11277 openEuler-24.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H assimp security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1080 A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2026-01-16 CVE-2025-2152 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H assimp security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1080 A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue. 2026-01-16 CVE-2025-2591 openEuler-24.03-LTS-SP3 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H assimp security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1080