Amazon Linux 2 Security Advisory: ALAS2-2026-3335
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
FAQs regarding Amazon Linux ALAS/CVE Severity
Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation (CVE-2025-70067)
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method (CVE-2025-70069)
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry() (CVE-2025-70070)
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray() (CVE-2025-70071)
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components (CVE-2025-70072)
Affected Packages:
qt5-qt3d
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qt5-qt3d or yum update --advisory ALAS2-2026-3335 to update your system.
aarch64:
qt5-qt3d-5.15.3-1.amzn2.0.9.aarch64
qt5-qt3d-devel-5.15.3-1.amzn2.0.9.aarch64
qt5-qt3d-examples-5.15.3-1.amzn2.0.9.aarch64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.9.aarch64
i686:
qt5-qt3d-5.15.3-1.amzn2.0.9.i686
qt5-qt3d-devel-5.15.3-1.amzn2.0.9.i686
qt5-qt3d-examples-5.15.3-1.amzn2.0.9.i686
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.9.i686
src:
qt5-qt3d-5.15.3-1.amzn2.0.9.src
x86_64:
qt5-qt3d-5.15.3-1.amzn2.0.9.x86_64
qt5-qt3d-devel-5.15.3-1.amzn2.0.9.x86_64
qt5-qt3d-examples-5.15.3-1.amzn2.0.9.x86_64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.9.x86_64