130 matches found
PYSEC-2025-173
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...
UBUNTU-CVE-2025-5166
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...
PYSEC-2025-172
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...
PYSEC-2025-172
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...
DEBIAN-CVE-2025-5165
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...
CVE-2025-5165
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...
UBUNTU-CVE-2025-5165
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...
CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...
CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...
CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...
CVE-2025-5166
Open Asset Import Library Assimp 5.4.3 contains CVE-2025-5166 affecting MDCImporter::InternReadFile in MDCLoader.cpp (MDC File Parser). The manipulation of the argument pcVerts leads to an out-of-bounds read and local access may be exploited. Public disclosure of the exploit is noted. Connected O...
PT-2025-22882 · Assimp +1 · Assimp +1
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A vulnerability was found in the Open Asset Import Library Assimp. It has been classified as problematic and affects the function MDCImporter::InternReadFile of the component MDC Fil...
CVE-2024-51875
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows DOM-Based XSS.This issue affects MDC YouTube Downloader: from n/a through = 3.0.0...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
CVE-2025-24981
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
CVE-2025-24981
The CVE-2025-24981 vulnerability affects MDC (the Markdown-to-Vue integration used in @nuxtjs/mdc). The root cause is unsafe URL parsing in the parser (props.ts) that uses a deny-list for protocols (e.g., javascript:) but can be bypassed when the attacker provides hex-encoded HTML entities within...
CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
CVE-2025-23639
Cross-Site Request Forgery CSRF vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through = 3.0.0...
Nuxt MDC 跨站脚本漏洞
Nuxt MDC is a Nuxt open source application that enhances regular Markdown. A cross-site scripting vulnerability exists in Nuxt MDC that stems from insecure parsing logic for URLs in Markdown, leading to arbitrary JavaScript code execution...