CVE-2025-2752
Public on 2025-03-25
Modified on 2026-05-14
Description
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | qt5-qt3d | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| NVD | CVSSv3 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |