Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.

Basic Information

ID CVE-2025-15538

Source VulDB

Published Jan 18, 2026 at 23:02

Affected Product

Vendor Open Asset Import Library

Product Assimp

Version 6.0.0

Affected Versions Open Asset Import Library Assimp 6.0.0
Open Asset Import Library Assimp 6.0.1
Open Asset Import Library Assimp 6.0.2

CWE Classification

CWE-416 CWE-119

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.",
    "published": "2026-01-18T23:02:07.734Z",
    "modified": "2026-01-18T23:02:07.734Z",
    "type": "cve",
    "title": "Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341727\nhttps://vuldb.com/?ctiid.341727\nhttps://vuldb.com/?submit.735232\nhttps://github.com/assimp/assimp/issues/6258\nhttps://github.com/assimp/assimp/issues/6258#issuecomment-3070999530\nhttps://github.com/user-attachments/files/21216542/assimp_poc10.zip",
    "id": "CVE-2025-15538",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Open Asset Import Library Assimp 6.0.0\nOpen Asset Import Library Assimp 6.0.1\nOpen Asset Import Library Assimp 6.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Assimp",
    "version": "6.0.0",
    "vendor": "Open Asset Import Library",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free_CVE-2025-15538