INFSA-2025:12842: qt5-qt3d security update
Information about definition
Identificator: INFSA-2025:12842
Type: security
Release date: 2025-08-13 13:37:08 UTC
Information about package
Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications).
Vulnerabilities description
- CVE-2025-3158
A flaw has been found in the Open Asset Import Library (assimp). In affected versions, a malformed LWO file may trigger a heap-based buffer overflow, which may lead to an application crash or other undefined behavior.
- CVE-2025-3159
A flaw has been found in the Open Asset Import Library (assimp). In affected versions, a malformed ASE file may trigger a heap-based buffer overflow, which may lead to an application crash or other undefined behavior.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-3158
|
no information | 5.3 | no information |
|
NIST — CVE-2025-3159
|
no information | 5.3 | no information |
Updated packages