Описание
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:assimp:assimp:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:assimp:assimp:5.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00209
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 5.5
ubuntu
около 4 лет назад
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).
CVSS3: 5.5
debian
около 4 лет назад
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...
CVSS3: 5.5
github
около 4 лет назад
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).
EPSS
Процентиль: 43%
0.00209
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-787