Backport fix for CVE-2025-11277

2026-01-14 09:37:06 +01:00
2 changed files with 31 additions and 8 deletions
--- a/0978918f7148fbcd3d05cc6573dae7859975a895.patch
+++ b/0978918f7148fbcd3d05cc6573dae7859975a895.patch
@ -0,0 +1,24 @@
+diff -rupN --no-dereference assimp-5.3.1/code/AssetLib/Q3D/Q3DLoader.cpp assimp-5.3.1-new/code/AssetLib/Q3D/Q3DLoader.cpp
+--- assimp-5.3.1/code/AssetLib/Q3D/Q3DLoader.cpp	2023-09-25 16:46:51.000000000 +0200
+++ assimp-5.3.1-new/code/AssetLib/Q3D/Q3DLoader.cpp	2026-01-13 23:53:47.976634803 +0100
+@@ -55,6 +55,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ #include <assimp/DefaultLogger.hpp>
+ #include <assimp/IOSystem.hpp>
+ 
+#include <limits>
+
+ using namespace Assimp;
+ 
+ static const aiImporterDesc desc = {
+@@ -308,6 +310,11 @@ void Q3DImporter::InternReadFile(const s
+                     throw DeadlyImportError("Quick3D: Invalid texture. Width or height is zero");
+                 }
+ 
+                const unsigned int uint_max = std::numeric_limits<unsigned int>::max();
+                if (tex->mWidth > (uint_max / tex->mHeight)) {
+                    throw DeadlyImportError("Quick3D: Texture dimensions are too large, resulting in overflow.");
+                }
+
+                 unsigned int mul = tex->mWidth * tex->mHeight;
+                 aiTexel *begin = tex->pcData = new aiTexel[mul];
+                 aiTexel *const end = &begin[mul - 1] + 1;
--- a/assimp.spec
+++ b/assimp.spec
@ -2,7 +2,7 @@

 Name:           assimp
 Version:        5.3.1
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Library to import various 3D model formats into applications

 # Assimp is BSD
@ -32,6 +32,8 @@ Patch2:         %{name}-5.2.5-nozlib.patch
 Patch3:         %{name}-5.1.0-doxyfile.patch
 # Enable ctest and correct the project version
 Patch4:         %{name}-5.3.1-tests.patch
+# Backport fix for CVE-2025-11277
+Patch5:         https://github.com/assimp/assimp/commit/0978918f7148fbcd3d05cc6573dae7859975a895.patch

 BuildRequires:  boost-devel
 BuildRequires:  cmake
@ -118,7 +120,7 @@ BuildArch: noarch
 %{summary}.

 %prep
-%setup -q
+%autosetup -p1
 # Get rid of bundled libs so we can't accidently build against them
 rm -r contrib/android-cmake
 rm -r contrib/draco
@ -128,12 +130,6 @@ rm -r contrib/rapidjson
 rm -r contrib/stb
 rm -r contrib/utf8cpp

-%patch 0 -p1 -b .unbundle
-%patch 1 -p1 -b .pythonpath
-%patch 2 -p1 -b .nozlib
-%patch 3 -p1 -b .doxyfile
-%patch 4 -p0 -b .tests
-
 mv contrib/openddlparser/LICENSE contrib/openddlparser/LICENSE.openddlparser

 %build
@ -199,6 +195,9 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a
 %endif

 %changelog
+* Tue Jan 13 2026 Sandro Mani <manisandro@gmail.com> - 5.3.1-6
+- Backport fix for CVE-2025-11277
+
 * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild