From 0c07796c62e95527f3d080b0d2973ba1543fa5dd Mon Sep 17 00:00:00 2001
From: changtao
Date: Sat, 22 Mar 2025 00:02:22 +0800
Subject: [PATCH] fix CVE-2025-2591 CVE-2025-2592
---
CVE-2025-2591.patch | 24 ++++++++++++++++++++++++
CVE-2025-2592.patch | 26 ++++++++++++++++++++++++++
assimp.spec | 10 +++++++++-
3 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 CVE-2025-2591.patch
create mode 100644 CVE-2025-2592.patch
diff --git a/CVE-2025-2591.patch b/CVE-2025-2591.patch
new file mode 100644
index 0000000..7ff8816
--- /dev/null
+++ b/CVE-2025-2591.patch
@@ -0,0 +1,24 @@
+From ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd Mon Sep 17 00:00:00 2001
+From: Kim Kulling
+Date: Wed, 12 Mar 2025 23:40:38 +0100
+Subject: [PATCH] MDL: Fix overflow check
+---
+ code/AssetLib/MDL/MDLLoader.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/code/AssetLib/MDL/MDLLoader.cpp b/code/AssetLib/MDL/MDLLoader.cpp
+index 7b2ec71..ec66aa4 100644
+--- a/code/AssetLib/MDL/MDLLoader.cpp
++++ b/code/AssetLib/MDL/MDLLoader.cpp
+@@ -411,7 +411,7 @@ void MDLImporter::InternReadFile_Quake1() {
+ }
+ // go to the end of the skin section / the beginning of the next skin
+ bool overflow = false;
+- if (pcHeader->skinwidth != 0 || pcHeader->skinheight != 0) {
++ if (pcHeader->skinwidth != 0 && pcHeader->skinheight != 0) {
+ if ((pcHeader->skinheight > INT_MAX / pcHeader->skinwidth) || (pcHeader->skinwidth > INT_MAX / pcHeader->skinheight)){
+ overflow = true;
+ }
+--
+2.41.0
+
diff --git a/CVE-2025-2592.patch b/CVE-2025-2592.patch
new file mode 100644
index 0000000..9b56a7c
--- /dev/null
+++ b/CVE-2025-2592.patch
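Review bot: The overflow test in the MDLLoader.cpp hunk of CVE-2025-2591.patch only bounds the product when both dimensions are positive; the corrected guard `skinwidth != 0 && skinheight != 0` removes the division by zero but still lets negative values through. If the header fields are signed (their type is not visible in this hunk), a negative width or height read from the file passes the `!= 0` test and is not flagged by the `INT_MAX / ...` comparisons. Consider requiring `pcHeader->skinwidth > 0 && pcHeader->skinheight > 0` and treating any negative dimension as an invalid header; for positive values the two `INT_MAX` comparisons are equivalent, so one of them suffices. The body of InternReadFile_Quake1 continues outside the hunk, so how `overflow` is consumed cannot be checked here.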
@@ -0,0 +1,26 @@
+From 2690e354da0c681db000cfd892a55226788f2743 Mon Sep 17 00:00:00 2001
+From: Kim Kulling
+Date: Thu, 13 Mar 2025 21:10:49 +0100
+Subject: [PATCH] CMS: Fix possible overflow access (#6052)
+
+- closes https://github.com/assimp/assimp/issues/6010
+---
+ code/AssetLib/CSM/CSMLoader.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/code/AssetLib/CSM/CSMLoader.cpp b/code/AssetLib/CSM/CSMLoader.cpp
+index db152f4..491ce08 100644
+--- a/code/AssetLib/CSM/CSMLoader.cpp
++++ b/code/AssetLib/CSM/CSMLoader.cpp
+@@ -164,7 +164,7 @@ void CSMImporter::InternReadFile( const std::string& pFile,
+ aiNodeAnim* nda = anims_temp.back();
+
+ char* ot = nda->mNodeName.data;
+- while (!IsSpaceOrNewLine(*buffer))
++ while (!IsSpaceOrNewLine(*buffer) && buffer != end)
+ *ot++ = *buffer++;
+
+ *ot = '\0';
+--
+2.41.0
+
diff --git a/assimp.spec b/assimp.spec
index 730cc06..abea2e3 100644
--- a/assimp.spec
+++ b/assimp.spec
@@ -1,6 +1,6 @@
 Name: assimp
 Version: 5.3.1
-Release: 9
+Release: 10
 Summary: Library to load and process various 3D model formats into applications.
 License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
 URL: http://www.assimp.org/
@@ -21,6 +21,8 @@ Patch06: CVE-2024-48424.patch
 Patch07: CVE-2024-53425-pre-Fix-Add-check-for-invalid-input-argument.patch
 Patch08: CVE-2024-53425.patch
 Patch09: CVE-2025-2151.patch
+Patch10: CVE-2025-2591.patch
+Patch11: CVE-2025-2592.patch
 BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
 BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib)
@@ -86,6 +88,12 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
 %{python3_sitelib}/pyassimp
 %changelog
+* Sat Mar 22 2025 changtao - 5.3.1-10
+- Type:CVE
+- CVE:CVE-2025-2591 CVE-2025-2592
+- SUG:NA
+- DESC:fix CVE-2025-2591 CVE-2025-2592
+
 * Thu Mar 20 2025 wangkai <13474090681@163.com> - 5.3.1-9
 - Fix CVE-2025-2151
--
Gitee
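Review bot: In the CSMLoader.cpp hunk of CVE-2025-2592.patch the new loop condition dereferences `*buffer` before it compares `buffer != end`, so when the name runs to the end of the input the byte at `end` is still read; the bound should come first, `while (buffer != end && !IsSpaceOrNewLine(*buffer))`. The copy through `ot` into `nda->mNodeName.data` also has no limit on the destination, so if that field is a fixed-size array (its declaration is not visible here) a long token without whitespace would write past it; the loop should additionally stop one byte short of the array's capacity so that the terminating `'\0'` fits. InternReadFile begins and ends outside the hunk.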