CVE-2024-48423

Published: 24 Oct 2024
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.

A flaw was found in assimp, an asset import library. A local attacker may be able to use specially-crafted input to trigger a buffer overflow condition. This can lead to an application crash or other unexpected behavior.

Report

The vulnerability in Assimp is considered moderate rather than important because it requires local access and specially crafted input files to exploit, limiting its impact and attack surface. While a buffer overflow can indeed cause an application crash or unpredictable behavior, exploitation is not straightforward, as it does not inherently lead to code execution or privilege escalation without additional conditions. Furthermore, the flaw affects only applications that utilize Assimp for processing untrusted or user-supplied 3D models. It's important to note that this vulnerability does not impact any Red Hat products, indicating that Red Hat's software stack is unaffected by this specific CVE.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 9 | qt5-qt3d | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2321643
assimp: arbitrary code execution via CallbackToLogRedirector function

EPSS

Percentile: 8%
0.00034
Low

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
10 months ago

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.

CVSS3: 7.8
nvd
10 months ago

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.

CVSS3: 7.8
debian
10 months ago

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrar ...

CVSS3: 7.8
github
10 months ago

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.

CVSS3: 8.4
fstec
10 months ago

A vulnerability in the CallbackToLogRedirector() function of the cross-platform 3D model import library Assimp (Open Asset Import Library) that allows an attacker to execute arbitrary code
