CVE-2025-5166 | Open Asset Import Library Assimp 5.4.3 MDC File Parser MDCLoader.cpp InternReadFile pcVerts out-of-bounds

May 25, 2025 Yanac

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read.

This vulnerability is traded as CVE-2025-5166. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.VulDB Recent EntriesRead More