Описание
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| assimp | fixed | 5.3.1+ds-2 | package | |
| assimp | ignored | bookworm | package | |
| assimp | no-dsa | bullseye | package | |
| assimp | no-dsa | buster | package |
Примечания
https://github.com/assimp/assimp/issues/4286
https://github.com/assimp/assimp/commit/4b9f46dbda5128d6d538d185eb69ad6a7b4b99ff (v5.4.0)
EPSS
Связанные уязвимости
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
Уязвимость реализации функции ColladaParser::ExtractDataObjectFromChannel() библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), позволяющая нарушителю получить несанкционированный к конфиденциальной информации
EPSS