Assimp
CVE-2024-53425
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.
AnalysisAI
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. Affected products include: Assimp.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function wi
Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component A
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz t
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CV
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated m
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerabilit
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today