Heap Buffer Overflow in Assimp Library Affecting OpenGEX File Processing
CVE-2024-48424

5.5 MEDIUM

Key Information:

Vendor: Assimp
CVE Published: 24 October 2024

What is CVE-2024-48424?

A heap buffer overflow vulnerability has been identified in the Assimp library, specifically within the OpenDDLParser::parseStructure function. The overflow occurs while processing OpenGEX files, potentially allowing an attacker to exploit the application's behavior and execute arbitrary code. Organizations using the Assimp library should prioritize updating to the latest version to mitigate this vulnerability and keep their applications secure.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published