openSUSE 15-SP6: 2025:0113-1 important: assimp fixes nine issues

April 2, 2025
An update that fixes 9 vulnerabilities is now available

Description

This update for assimp fixes the following issues:

- CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324)
- CVE-2024-48423: Fixed an arbitrary code execution via CallbackToLogRedirector() (boo#1232322)
- CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323)
- CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633)
- CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916)
- CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412)
- CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413)
- CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920)
- CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine()...


Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively, you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

    zypper in -t patch openSUSE-2025-113=1

Package List

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

assimp-devel-5.3.1-bp156.3.9.1

libassimp5-5.3.1-bp156.3.9.1
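
To confirm that a host has reached the fixed builds listed above, the following added example (not part of the original advisory) audits a package inventory against them. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Fixed version-release and package names, taken from the advisory's package list.
FIXED_EVR="5.3.1-bp156.3.9.1"
PKGS="assimp-devel libassimp5"

# evr_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's own comparison; epochs are
# ignored, which is adequate for the plain version-release strings used here.
evr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_inventory: reads "name version-release" lines on stdin, reports each
# package named in the advisory, and returns 1 if any is below the fixed build.
# Lines for other packages (or rpm's "package X is not installed") are skipped.
audit_inventory() {
    rc=0
    while read -r name evr; do
        case " $PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if evr_lt "$evr" "$FIXED_EVR"; then
            echo "VULNERABLE $name $evr (fixed in $FIXED_EVR)"
            rc=1
        else
            echo "OK $name $evr"
        fi
    done
    return $rc
}

# audit_host: run the audit against the local RPM database.
audit_host() {
    # shellcheck disable=SC2086  # PKGS is intentionally word-split
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' $PKGS 2>/dev/null | audit_inventory
}

# Constructed sample inventory: only FIXED_EVR comes from the advisory,
# the older release string and the zlib line are made up for the demo.
SAMPLE_INVENTORY="libassimp5 5.3.1-bp156.3.6.1
assimp-devel 5.3.1-bp156.3.9.1
zlib 1.2.13-150500.4.3.1"

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory || true
```

On a real system, call `audit_host` after patching; a non-zero exit status means at least one of the listed packages is still older than the fixed build.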

References

https://www.suse.com/security/cve/CVE-2024-48423.html

https://www.suse.com/security/cve/CVE-2024-48424.html

https://www.suse.com/security/cve/CVE-2024-48425.html

https://www.suse.com/security/cve/CVE-2024-53425.html

https://www.suse.com/security/cve/CVE-2025-2151.html

https://www.suse.com/security/cve/CVE-2025-2591.html

https://www.suse.com/security/cve/CVE-2025-2592.html

https://www.suse.com/security/cve/CVE-2025-3015.html

https://www.suse.com/security/cve/CVE-2025-3016.html

https://bugzilla.suse.com/1232322

https://bugzilla.suse.com/1232323

https://bugzilla.suse.com/1232324

https://bugzilla.suse.com/1233633

https://bugzilla.suse.com/1239220

https://bugzilla.suse.com/1239916

https://bugzilla.suse.com/1239920

https://bugzilla.suse.com/1240412

https://bugzilla.suse.com/1240413

Severity
important

Announcement ID: openSUSE-SU-2025:0113-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6
