| CVE-2024-48423 |
BDSA-2024-7807 |
High |
Oct 24, 2024 |
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
less...
|
5.4.3
|
| BDSA-2024-9057 |
|
High |
Nov 25, 2024 |
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain ma
more...
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2024-7809 |
|
Medium |
Oct 25, 2024 |
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. T
more...
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2024-7808 |
|
Medium |
Oct 25, 2024 |
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz tes
more...
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2024-7806 |
|
High |
Oct 25, 2024 |
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during t
more...
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
less...
|
|
| BDSA-2024-6721 |
|
Medium |
Sep 27, 2024 |
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
**Note: CVE details have been utilized in generating thi
more...
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Synopsys CyRC.**
less...
|
|
