These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A low-severity out-of-bounds read vulnerability exists in the Open Asset Import Library (Assimp) through version 6.0.4. The flaw resides in the HL1MDLLoader::read_sequence_infos function within HL1MDLLoader.cpp, which handles Half-Life 1 MDL model loading. Manipulation of an aiString argument can trigger an out-of-bounds read condition. The attack vector requires local access with low privileges and no us [truncated]
A use-after-free vulnerability exists in the Open Asset Import Library (Assimp) through version 6.0.4, specifically within the `aiNode::~aiNode` destructor in `scene.cpp` during ASE file parsing. The vulnerability requires local access and has a LOW severity CVSS score of 1.9. A public proof-of-concept exploit has been released. The project maintainers have tagged the reported issue as a bug.
A heap-based buffer overflow vulnerability exists in the Open Asset Import Library (Assimp) through version 6.0.4, specifically within the Half-Life 1 MDL Loader component. The flaw resides in the `HL1MDLLoader::read_meshes` function in `HL1MDLLoader.cpp`. The vulnerability requires local access and low privileges to exploit, with no user interaction needed. A proof-of-concept has been publicly disclosed, [truncated]
A null pointer dereference vulnerability exists in the Open Asset Import Library (Assimp) through version 6.0.4, specifically within the `glTF2::LazyDict` function in `glTF2Asset.h`. The flaw arises from improper handling of the `operator[]` argument, which can be manipulated to trigger a null pointer dereference. The attack vector is local, requiring low privileges and no user interaction, with a demonst [truncated]
A CVE record for CVE-2025-70070 was published on May 4, 2026, at 15:16:03 GMT. The issue is related to Assimp v.6.0.2 and allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry(). The CVSS score is 6.5, and the severity is MEDIUM. This vulnerability has a medium priority due to its CVSS score and potential for denial of service. Organizations using As [truncated]
CVE-2025-70069 is a high-severity vulnerability in Assimp v.6.0.2 that allows remote attackers to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. The CVE record was published on May 4, 2026, and last modified on June 30, 2026. The vulnerability affects Assimp, a library used for importing various [truncated]
A critical buffer overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation. This issue allows potential attackers to execute arbitrary code by exploiting the buffer overflow. Users an [truncated]