Arbitrary Code Execution Vulnerability in Assimp Prior to 5.4.3
CVE-2024-45679

Currently unrated

Key Information:

Vendor
Open Asset Import Library
Status
Assimp
Vendor
CVE Published:
18 September 2024

Summary

A heap-based buffer overflow vulnerability exists in Assimp that affects versions prior to 5.4.3. This security weakness allows local attackers to execute arbitrary code by importing a specially crafted file into the product. Such attacks can lead to severe consequences, including unauthorized actions on the system. Users of affected versions are advised to update to version 5.4.3 or later to mitigate potential risks. Detailed insights are available in the release notes and security advisories provided by the vendor.

Affected Version(s)

Assimp prior to 5.4.3

References

https://github.com/assimp/assimp/releases/tag/v5.4.3
https://jvn.jp/en/jp/JVN42386607/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-45679 : Arbitrary Code Execution Vulnerability in Assimp Prior to 5.4.3 | SecurityVulnerability.io