5.5
CVE-2025-2591
- EPSS 0.6%
- Veröffentlicht 21.03.2025 13:31:08
- Zuletzt bearbeitet 17.07.2025 21:53:55
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginOpen Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 divide by zero
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.44 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| cna@vuldb.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-369 Divide By Zero
The product divides a value by zero.
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
https://vuldb.com/?id.300574
https://vuldb.com/?ctiid.300574
https://vuldb.com/?submit.517781
https://github.com/assimp/assimp/issues/6009
https://github.com/assimp/assimp/pull/6047
https://github.com/assimp/assimp/issues/6009#issue-2877367021
https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd