vulnerability

Amazon Linux AMI 2: CVE-2025-3016: Security patch for qt5-qt3d (ALAS-2025-2848)

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Mar 31, 2025
Added
May 14, 2025
Modified
May 14, 2025

Description

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.

Solution(s)

amazon-linux-ami-2-upgrade-qt5-qt3damazon-linux-ami-2-upgrade-qt5-qt3d-debuginfoamazon-linux-ami-2-upgrade-qt5-qt3d-develamazon-linux-ami-2-upgrade-qt5-qt3d-examples
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.