View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2025-2756: 1 source package rows (assimp); 2 state rows across 2 repos (3.22-community, edge-community); fixed 0, open 2.
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.