Amazon Linux 2 Security Advisory: ALAS2-2026-3187
Advisory Released Date: 2026-03-06
Advisory Updated Date: 2026-03-06
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. (CVE-2025-2756)
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. (CVE-2025-3549)
Affected Packages:
qt5-qt3d
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qt5-qt3d or yum update --advisory ALAS2-2026-3187 to update your system.
aarch64:
qt5-qt3d-5.15.3-1.amzn2.0.8.aarch64
qt5-qt3d-devel-5.15.3-1.amzn2.0.8.aarch64
qt5-qt3d-examples-5.15.3-1.amzn2.0.8.aarch64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.8.aarch64
i686:
qt5-qt3d-5.15.3-1.amzn2.0.8.i686
qt5-qt3d-devel-5.15.3-1.amzn2.0.8.i686
qt5-qt3d-examples-5.15.3-1.amzn2.0.8.i686
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.8.i686
src:
qt5-qt3d-5.15.3-1.amzn2.0.8.src
x86_64:
qt5-qt3d-5.15.3-1.amzn2.0.8.x86_64
qt5-qt3d-devel-5.15.3-1.amzn2.0.8.x86_64
qt5-qt3d-examples-5.15.3-1.amzn2.0.8.x86_64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.8.x86_64