CVE-2025-3549: 
NixOS vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-3549) was discovered in Open Asset Import Library (Assimp) version 5.4.3, disclosed on April 13, 2025. The vulnerability affects the Assimp::MD3Importer::ValidateSurfaceHeaderOffsets function in the code/AssetLib/MD3/MD3Loader.cpp file of the File Handler component. This heap-based buffer overflow vulnerability requires local access to exploit (NVD, RedHat).

The vulnerability occurs in the ValidateSurfaceHeaderOffsets function where there is insufficient validation of pointer validity, leading to the use of wild pointers. The function calculates relative offsets and checks data chunk ranges, but fails to properly validate memory boundaries. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. The vulnerability is classified under CWE-122 (Heap-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (Github Issue).

The exploitation of this vulnerability can lead to heap-based buffer overflow, potentially resulting in application crashes or memory corruption. The attack can affect system integrity and availability, with potential for unauthorized access to memory regions. The vulnerability has been classified as critical due to its potential impact on system security (NVD).

Currently, no official patch or mitigation is available for this vulnerability. According to Red Hat Product Security, mitigation options either do not exist or do not meet their criteria for ease of use, deployment, and stability (RedHat).