
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2025-2752) was discovered in Open Asset Import Library (Assimp) version 5.4.3. The issue affects the fast_atoreal_move function in include/assimp/fast_atof.h, which is used by the CSM File Handler component. The vulnerability was disclosed on March 25, 2025, and is classified as problematic (NVD, MITRE).
The vulnerability is an out-of-bounds read in the CSM File Handler component. It manifests in the fast_atoreal_move function when processing malformed input. The vulnerability has received a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, and a CVSS v4.0 score of 5.3 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (NVD).
The vulnerability can lead to out-of-bounds read operations when processing malformed CSM files. This can potentially result in a denial of service condition if an attacker can convince a victim to process a specially crafted CSM file (GitHub Issue).
As of the vulnerability disclosure, no official patches have been released. The issue affects Assimp version 5.4.3, and users are advised to monitor the official repository for security updates (Debian Tracker).
Source: This report was generated using AI