{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-3159","title":"Title"},{"category":"description","text":"A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-3159","url":"https://www.suse.com/security/cve/CVE-2025-3159"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1240774 for CVE-2025-3159","url":"https://bugzilla.suse.com/1240774"},{"category":"external","summary":"Advisory link for RHSA-2025:12842","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001904.html"}],"title":"SUSE CVE CVE-2025-3159","tracking":{"current_release_date":"2025-12-19T00:51:03Z","generator":{"date":"2025-04-05T02:28:33Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-3159","initial_release_date":"2025-04-05T02:28:33Z","revision_history":[{"date":"2025-04-05T02:28:33Z","number":"2","summary":"Current version"},{"date":"2025-06-04T03:02:20Z","number":"3","summary":"Current version"},{"date":"2025-08-11T23:24:15Z","number":"4","summary":"Current version"},{"date":"2025-10-06T23:50:30Z","number":"5","summary":"Current version"},{"date":"2025-12-17T00:51:38Z","number":"6","summary":"description changed"},{"date":"2025-12-19T00:51:03Z","number":"7","summary":"description changed"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Liberty Linux 9","product":{"name":"SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9","product_identification_helper":{"cpe":"cpe:/o:suse:sll:9"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"assimp-devel-6.0.1-1.1","product":{"name":"assimp-devel-6.0.1-1.1","product_id":"assimp-devel-6.0.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/assimp-devel@6.0.1-1.1"}}},{"category":"product_version","name":"libassimp5-6.0.1-1.1","product":{"name":"libassimp5-6.0.1-1.1","product_id":"libassimp5-6.0.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/libassimp5@6.0.1-1.1?upstream=assimp-6.0.1-1.1.src.rpm"}}},{"category":"product_version","name":"qt5-qt3d-5.15.9-2.el9_6","product":{"name":"qt5-qt3d-5.15.9-2.el9_6","product_id":"qt5-qt3d-5.15.9-2.el9_6","product_identification_helper":{"purl":"pkg:rpm/suse/qt5-qt3d@5.15.9-2.el9_6"}}},{"category":"product_version","name":"qt5-qt3d-devel-5.15.9-2.el9_6","product":{"name":"qt5-qt3d-devel-5.15.9-2.el9_6","product_id":"qt5-qt3d-devel-5.15.9-2.el9_6","product_identification_helper":{"purl":"pkg:rpm/suse/qt5-qt3d-devel@5.15.9-2.el9_6"}}},{"category":"product_version","name":"qt5-qt3d-examples-5.15.9-2.el9_6","product":{"name":"qt5-qt3d-examples-5.15.9-2.el9_6","product_id":"qt5-qt3d-examples-5.15.9-2.el9_6","product_identification_helper":{"purl":"pkg:rpm/suse/qt5-qt3d-examples@5.15.9-2.el9_6"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"qt5-qt3d-5.15.9-2.el9_6 as component of SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9:qt5-qt3d-5.15.9-2.el9_6"},"product_reference":"qt5-qt3d-5.15.9-2.el9_6","relates_to_product_reference":"SUSE Liberty Linux 9"},{"category":"default_component_of","full_product_name":{"name":"qt5-qt3d-devel-5.15.9-2.el9_6 as component of SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9:qt5-qt3d-devel-5.15.9-2.el9_6"},"product_reference":"qt5-qt3d-devel-5.15.9-2.el9_6","relates_to_product_reference":"SUSE Liberty Linux 9"},{"category":"default_component_of","full_product_name":{"name":"qt5-qt3d-examples-5.15.9-2.el9_6 as component of SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9:qt5-qt3d-examples-5.15.9-2.el9_6"},"product_reference":"qt5-qt3d-examples-5.15.9-2.el9_6","relates_to_product_reference":"SUSE Liberty Linux 9"},{"category":"default_component_of","full_product_name":{"name":"assimp-devel-6.0.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:assimp-devel-6.0.1-1.1"},"product_reference":"assimp-devel-6.0.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libassimp5-6.0.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libassimp5-6.0.1-1.1"},"product_reference":"libassimp5-6.0.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2025-3159","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-3159"}],"notes":[{"category":"general","text":"A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.","title":"CVE description"}],"product_status":{"recommended":["SUSE Liberty Linux 9:qt5-qt3d-5.15.9-2.el9_6","SUSE Liberty Linux 9:qt5-qt3d-devel-5.15.9-2.el9_6","SUSE Liberty Linux 9:qt5-qt3d-examples-5.15.9-2.el9_6","openSUSE Tumbleweed:assimp-devel-6.0.1-1.1","openSUSE Tumbleweed:libassimp5-6.0.1-1.1"]},"references":[{"category":"external","summary":"CVE-2025-3159","url":"https://www.suse.com/security/cve/CVE-2025-3159"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1240774 for CVE-2025-3159","url":"https://bugzilla.suse.com/1240774"},{"category":"external","summary":"Advisory link for RHSA-2025:12842","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001904.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 9:qt5-qt3d-5.15.9-2.el9_6","SUSE Liberty Linux 9:qt5-qt3d-devel-5.15.9-2.el9_6","SUSE Liberty Linux 9:qt5-qt3d-examples-5.15.9-2.el9_6","openSUSE Tumbleweed:assimp-devel-6.0.1-1.1","openSUSE Tumbleweed:libassimp5-6.0.1-1.1"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"products":["SUSE Liberty Linux 9:qt5-qt3d-5.15.9-2.el9_6","SUSE Liberty Linux 9:qt5-qt3d-devel-5.15.9-2.el9_6","SUSE Liberty Linux 9:qt5-qt3d-examples-5.15.9-2.el9_6","openSUSE Tumbleweed:assimp-devel-6.0.1-1.1","openSUSE Tumbleweed:libassimp5-6.0.1-1.1"]}],"threats":[{"category":"impact","date":"2025-04-03T16:01:48Z","details":"moderate"}],"title":"CVE-2025-3159"}]}