vulnerability
Oracle Linux: CVE-2025-11277: ELSA-2025-19911: qt5-qt3d security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:S/C:P/I:P/A:P) | Oct 5, 2025 | Nov 10, 2025 | Dec 5, 2025 |
Severity
4
CVSS
(AV:L/AC:L/Au:S/C:P/I:P/A:P)
Published
Oct 5, 2025
Added
Nov 10, 2025
Modified
Dec 5, 2025
Description
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited.
A flaw was found in the assimp library. Processing a specially crafted input file can trigger a heap-based buffer overflow due to an integer overflow when reading texture data, causing a crash to the application linked to the library and resulting in a denial of service.
A flaw was found in the assimp library. Processing a specially crafted input file can trigger a heap-based buffer overflow due to an integer overflow when reading texture data, causing a crash to the application linked to the library and resulting in a denial of service.
Solutions
oracle-linux-upgrade-qt5-qt3doracle-linux-upgrade-qt5-qt3d-develoracle-linux-upgrade-qt5-qt3d-examplesoracle-linux-upgrade-qt6-qtquick3doracle-linux-upgrade-qt6-qtquick3d-develoracle-linux-upgrade-qt6-qtquick3d-examples
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.