CVE-2024-45679

Опубликовано: 18 сент. 2024

Источник: debian

EPSS Низкий

Описание

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
assimp	fixed	5.4.0+ds-1		package
assimp	ignored		bookworm	package
assimp	postponed		bullseye	package

Примечания

https://github.com/assimp/assimp/pull/5310
https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d (v5.4.0)

EPSS

Процентиль: 28%

0.00096

Низкий

Связанные уязвимости

CVE-2024-45679

CVSS3: 8.4

ubuntu

12 месяцев назад

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.

CVE-2024-45679

CVSS3: 8.4

nvd

12 месяцев назад

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.

ROS-20250212-04

CVSS3: 7.5

redos

7 месяцев назад

Уязвимость python3-werkzeug

GHSA-3j56-rc6g-pp7q

CVSS3: 8.4

github

12 месяцев назад

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.

BDU:2025-02665

CVSS3: 8.4

fstec

12 месяцев назад

Уязвимость библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), связанная с переполнением буфера кучи, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%

0.00096

Низкий