This update for assimp fixes the following issues:
- CVE-2024-48425: Fixed SEGV in
Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)
- CVE-2024-48423: Fixed a arbitrary code execution via
CallbackToLogRedirector() (boo#1232322)
- CVE-2024-48424: Fixed a heap-buffer-overflow in
OpenDDLParser:parseStructure() (boo#1232323)
- CVE-2024-53425: Fixed a heap-based buffer overflow in
SkipSpacesAndLineEnd() (boo#1233633)
- CVE-2025-2592: Fixed a heap-based buffer overflow in
Assimp::CSMImporter::InternReadFile() (boo#1239916)
- CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the
argument mIndices (boo#1240412)
- CVE-2025-3016: Fixed a denial of service caused by manipulation of the
argument mWidth/mHeight (boo#1240413)
- CVE-2025-2591: Fixed a denial of service in
code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)
- CVE-2025-2151: Fixed a stack-based buffer overflow in
Assimp::GetNextLine()...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2025-113=1
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
assimp-devel-5.3.1-bp156.3.9.1
libassimp5-5.3.1-bp156.3.9.1
https://www.suse.com/security/cve/CVE-2024-48423.html
https://www.suse.com/security/cve/CVE-2024-48424.html
https://www.suse.com/security/cve/CVE-2024-48425.html
https://www.suse.com/security/cve/CVE-2024-53425.html
https://www.suse.com/security/cve/CVE-2025-2151.html
https://www.suse.com/security/cve/CVE-2025-2591.html
https://www.suse.com/security/cve/CVE-2025-2592.html
https://www.suse.com/security/cve/CVE-2025-3015.html
https://www.suse.com/security/cve/CVE-2025-3016.html
https://bugzilla.suse.com/1232322
https://bugzilla.suse.com/1232323
https://bugzilla.suse.com/1232324
https://bugzilla.suse.com/1233633
https://bugzilla.suse.com/1239220
https://bugzilla.suse.com/1239916
https://bugzilla.suse.com/1239920
https://bugzilla.suse.com/1240412
https://bugzilla.suse.com/1240413
Get the latest Linux and open source security news straight to your inbox.