CVE-2025-11275: 
Linux Debian vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability was identified in Open Asset Import Library (Assimp) version 6.0.2, specifically affecting the ODDLParser::getNextSeparator function in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. The vulnerability was discovered and reported on September 19, 2025 (Github Issue, VulDB).

The vulnerability occurs when the 'in' pointer becomes greater than the 'end' pointer, violating the function's contract. The issue manifests in the loop condition 'while (in != end && !isSeparator(*in))', which attempts to dereference the 'in' pointer past the allocated buffer. The vulnerability has been assigned CVSS v4.0 score of 4.8 (MEDIUM) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P, and CVSS v3.1 score of 5.3 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (VulDB).

The vulnerability leads to a heap-based buffer overflow condition which could potentially result in memory corruption. The attack must be carried out locally, with the potential for low-level impacts on confidentiality, integrity, and availability of the affected system (NVD).