Skip to main content

Assimp CVE-2022-38528

MEDIUM
Out-of-bounds Read (CWE-125)
2022-09-06 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 06, 2022 - 23:15 nvd
MEDIUM 6.5

DescriptionNVD

Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes.

AnalysisAI

Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. Affected products include: Assimp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Assimp

View all
CVE-2024-48423 HIGH POC
7.8 Oct 24

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function wi

CVE-2024-53425 MEDIUM POC
6.2 Nov 21

A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. Rated medium

CVE-2024-48426 MEDIUM POC
6.2 Oct 24

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz t

CVE-2024-48425 MEDIUM POC
5.5 Oct 24

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the

CVE-2024-48424 MEDIUM POC
5.5 Oct 24

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp

CVE-2025-3016 MEDIUM POC
5.3 Mar 31

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CV

CVE-2025-2752 MEDIUM POC
5.3 Mar 25

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM

CVE-2025-3015 MEDIUM POC
5.3 Mar 31

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (

CVE-2025-2592 MEDIUM POC
5.3 Mar 21

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated m

CVE-2025-2757 MEDIUM POC
5.3 Mar 25

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS

CVE-2025-2756 MEDIUM POC
5.3 Mar 25

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (

CVE-2025-2755 MEDIUM POC
5.3 Mar 25

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerabilit

Share

CVE-2022-38528 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy