{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"assimp security update", "category":"general", "title":"Synopsis" }, { "text":"An update for assimp is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.\n\nSecurity Fix(es):\n\nA weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited.(CVE-2025-11277)\n\nA vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.(CVE-2025-2152)\n\nA vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.(CVE-2025-2591)", "category":"general", "title":"Description" }, { "text":"An update for assimp is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"assimp", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1083", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1083" }, { "summary":"CVE-2025-11277", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11277&packageName=assimp" }, { "summary":"CVE-2025-2152", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2152&packageName=assimp" }, { "summary":"CVE-2025-2591", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2591&packageName=assimp" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11277" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2152" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2591" }, { "summary":"openEuler-SA-2026-1083 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1083.json" } ], "title":"An update for assimp is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2026-01-22T09:57:58+08:00", "revision_history":[ { "date":"2026-01-22T09:57:58+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-01-22T09:57:58+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-01-22T09:57:58+08:00", "id":"openEuler-SA-2026-1083", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-5.3.1-11.oe2403.aarch64.rpm", "name":"assimp-5.3.1-11.oe2403.aarch64.rpm" }, "name":"assimp-5.3.1-11.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-debuginfo-5.3.1-11.oe2403.aarch64.rpm", "name":"assimp-debuginfo-5.3.1-11.oe2403.aarch64.rpm" }, "name":"assimp-debuginfo-5.3.1-11.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-debugsource-5.3.1-11.oe2403.aarch64.rpm", "name":"assimp-debugsource-5.3.1-11.oe2403.aarch64.rpm" }, "name":"assimp-debugsource-5.3.1-11.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-devel-5.3.1-11.oe2403.aarch64.rpm", "name":"assimp-devel-5.3.1-11.oe2403.aarch64.rpm" }, "name":"assimp-devel-5.3.1-11.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-5.3.1-11.oe2403.src.rpm", "name":"assimp-5.3.1-11.oe2403.src.rpm" }, "name":"assimp-5.3.1-11.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-5.3.1-11.oe2403.x86_64.rpm", "name":"assimp-5.3.1-11.oe2403.x86_64.rpm" }, "name":"assimp-5.3.1-11.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-debuginfo-5.3.1-11.oe2403.x86_64.rpm", "name":"assimp-debuginfo-5.3.1-11.oe2403.x86_64.rpm" }, "name":"assimp-debuginfo-5.3.1-11.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-debugsource-5.3.1-11.oe2403.x86_64.rpm", "name":"assimp-debugsource-5.3.1-11.oe2403.x86_64.rpm" }, "name":"assimp-debugsource-5.3.1-11.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-devel-5.3.1-11.oe2403.x86_64.rpm", "name":"assimp-devel-5.3.1-11.oe2403.x86_64.rpm" }, "name":"assimp-devel-5.3.1-11.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"assimp-help-5.3.1-11.oe2403.noarch.rpm", "name":"assimp-help-5.3.1-11.oe2403.noarch.rpm" }, "name":"assimp-help-5.3.1-11.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"python3-assimp-5.3.1-11.oe2403.noarch.rpm", "name":"python3-assimp-5.3.1-11.oe2403.noarch.rpm" }, "name":"python3-assimp-5.3.1-11.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-5.3.1-11.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "name":"assimp-5.3.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-debuginfo-5.3.1-11.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "name":"assimp-debuginfo-5.3.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-debugsource-5.3.1-11.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "name":"assimp-debugsource-5.3.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-devel-5.3.1-11.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "name":"assimp-devel-5.3.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-5.3.1-11.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "name":"assimp-5.3.1-11.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-5.3.1-11.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "name":"assimp-5.3.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-debuginfo-5.3.1-11.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "name":"assimp-debuginfo-5.3.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-debugsource-5.3.1-11.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "name":"assimp-debugsource-5.3.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-devel-5.3.1-11.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "name":"assimp-devel-5.3.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"assimp-help-5.3.1-11.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "name":"assimp-help-5.3.1-11.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"python3-assimp-5.3.1-11.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch", "name":"python3-assimp-5.3.1-11.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-11277", "notes":[ { "text":"A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ], "details":"assimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1083" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-11277" }, { "cve":"CVE-2025-2152", "notes":[ { "text":"A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ], "details":"assimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1083" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-2152" }, { "cve":"CVE-2025-2591", "notes":[ { "text":"A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ], "details":"assimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1083" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.aarch64", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.src", "openEuler-24.03-LTS:assimp-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debuginfo-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-debugsource-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-devel-5.3.1-11.oe2403.x86_64", "openEuler-24.03-LTS:assimp-help-5.3.1-11.oe2403.noarch", "openEuler-24.03-LTS:python3-assimp-5.3.1-11.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2591" } ] }