Heap-Based Buffer Overflow in Open Asset Import Library by Assimp
CVE-2021-45948

5.5 MEDIUM

Key Information:

Vendor: Assimp
CVE Published: 1 January 2022

What is CVE-2021-45948?

Open Asset Import Library (Assimp) versions 5.1.0 and 5.1.1 contain a heap-based buffer overflow in the function _m3d_safestr, which is called during the loading of M3D files. If exploited, it could lead to arbitrary code execution, potentially compromising the integrity of applications that use this library. Users should update to the latest version to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
