qt5-qt3d-5.15.9-2.el9_6
エラータID: AXSA:2025-10725:01
リリース日:
2025/08/12 Tuesday - 15:52
題名:
qt5-qt3d-5.15.9-2.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- qt5-qt3d には、バッファーオーバーフローの問題があるため、
ローカルの攻撃者により、巧妙に細工された LWO ファイルを介して、
情報の漏洩、データ破壊、およびサービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2025-3158)
- qt5-qt3d には、バッファーオーバーフローの問題があるため、
ローカルの攻撃者により、巧妙に細工された ASE ファイルを介して、
情報の漏洩、データ破壊、およびサービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2025-3159)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-3158
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-3159
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.
追加情報:
N/A
ダウンロード:
SRPMS
- qt5-qt3d-5.15.9-2.el9_6.src.rpm
MD5: dbade4a17593fd50bf22c73089d5331a
SHA-256: 8e20cbde38c46890fbe088d1cfde17a4e196f27b28cbd9c9d5e6473b745d6980
Size: 112.87 MB
Asianux Server 9 for x86_64
- qt5-qt3d-5.15.9-2.el9_6.i686.rpm
MD5: d2644dde6d7490598ff2ca929b31d7a7
SHA-256: 18efaea2c416a13c0e3203187ac608bdf0ba482bd45b27f07cb8c0f06b2eed9a
Size: 3.35 MB - qt5-qt3d-5.15.9-2.el9_6.x86_64.rpm
MD5: d85a23cddc023ec2158bc650f60e072d
SHA-256: 657404bd4f16b924ec4a6418d2fb8ccfc372755abc41ed57e6fc280075f04710
Size: 3.05 MB - qt5-qt3d-devel-5.15.9-2.el9_6.i686.rpm
MD5: 5ac89100027c9dc7786b2d8256e90997
SHA-256: b2ed098121682a7350ba6264600e839274132068c6f77ed89901ea0b2e71ab83
Size: 1.58 MB - qt5-qt3d-devel-5.15.9-2.el9_6.x86_64.rpm
MD5: ae8ff8aeae1150a7ab2219e45ad0d12a
SHA-256: 445c4734696c11e0c0658c2ff74cd9e66d911a6e52a7732ccb84fa29c0b7a248
Size: 1.49 MB - qt5-qt3d-examples-5.15.9-2.el9_6.x86_64.rpm
MD5: 73923af621e2c11a03c78bb635ee3f22
SHA-256: 37e3e4641c084436846ae3e8c1ca8bcb39074f2f755906ce16ea2feb684161fd
Size: 255.51 MB
English