Local Code Execution Vulnerability in Assimp Library Version 5.4.3
CVE-2024-48423

7.8HIGH

Key Information:

Vendor: Assimp
Status: Assimp
Vendor: CVE Published:; 24 October 2024

What is CVE-2024-48423?

A vulnerability exists in the Assimp library version 5.4.3 that allows a local attacker to execute arbitrary code. This issue arises specifically in the CallbackToLogRedirector function, which can be exploited to compromise the system's security. It is critical for developers and users of this library to implement necessary mitigations to prevent potential exploitation.

References

https://github.com/assimp/assimp/issues/5788

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2024

CVE-2024-48423 Data

JSON