{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"low"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-5200","title":"Title"},{"category":"description","text":"A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-5200","url":"https://www.suse.com/security/cve/CVE-2025-5200"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1243689 for CVE-2025-5200","url":"https://bugzilla.suse.com/1243689"}],"title":"SUSE CVE CVE-2025-5200","tracking":{"current_release_date":"2026-02-12T00:40:51Z","generator":{"date":"2025-05-28T03:22:36Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-5200","initial_release_date":"2025-05-28T03:22:36Z","revision_history":[{"date":"2025-05-28T03:22:36Z","number":"2","summary":"Current version"},{"date":"2025-12-17T00:50:30Z","number":"3","summary":"description changed"},{"date":"2025-12-19T00:49:59Z","number":"4","summary":"description changed"},{"date":"2026-02-12T00:40:51Z","number":"5","summary":"vulnerabilities added"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"assimp-devel-6.0.4-1.1","product":{"name":"assimp-devel-6.0.4-1.1","product_id":"assimp-devel-6.0.4-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/assimp-devel@6.0.4-1.1"}}},{"category":"product_version","name":"libassimp6-6.0.4-1.1","product":{"name":"libassimp6-6.0.4-1.1","product_id":"libassimp6-6.0.4-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/libassimp6@6.0.4-1.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"assimp-devel-6.0.4-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:assimp-devel-6.0.4-1.1"},"product_reference":"assimp-devel-6.0.4-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"libassimp6-6.0.4-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:libassimp6-6.0.4-1.1"},"product_reference":"libassimp6-6.0.4-1.1","relates_to_product_reference":"openSUSE Tumbleweed"}]},"vulnerabilities":[{"cve":"CVE-2025-5200","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-5200"}],"notes":[{"category":"general","text":"A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Tumbleweed:assimp-devel-6.0.4-1.1","openSUSE Tumbleweed:libassimp6-6.0.4-1.1"]},"references":[{"category":"external","summary":"CVE-2025-5200","url":"https://www.suse.com/security/cve/CVE-2025-5200"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1243689 for CVE-2025-5200","url":"https://bugzilla.suse.com/1243689"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Tumbleweed:assimp-devel-6.0.4-1.1","openSUSE Tumbleweed:libassimp6-6.0.4-1.1"]}],"scores":[{"cvss_v3":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"products":["openSUSE Tumbleweed:assimp-devel-6.0.4-1.1","openSUSE Tumbleweed:libassimp6-6.0.4-1.1"]}],"threats":[{"category":"impact","date":"2025-05-26T20:00:04Z","details":"low"}],"title":"CVE-2025-5200"}]}