Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-48424

Опубликовано: 24 окт. 2024
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.

A flaw was found in the Assimp asset import library. An attacker my be able to trigger a buffer overflow condition via specially-crafted OpenGEX files. This may lead to a denial of service or other unexpected behavior.

Отчет

The heap-buffer-overflow vulnerability in the Assimp library is classified as moderate because, while it can cause memory corruption or application crashes, it does not inherently lead to arbitrary code execution or privilege escalation. Exploitation requires a crafted OpenGEX file, limiting the attack surface to scenarios where untrusted files are processed by the affected function. It's important to note that this vulnerability does not impact any Red Hat products, indicating that Red Hat's software stack is unaffected by this specific CVE.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9qt5-qt3dNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2321628assimp: heap-buffer-overflow in OpenDDLParser::parseStructure

EPSS

Процентиль: 7%
0.00031
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-48424

CVSS3: 5.5
ubuntu
8 месяцев назад

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.

nvd логотип

CVE-2024-48424

CVSS3: 5.5
nvd
8 месяцев назад

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.

debian логотип

CVE-2024-48424

CVSS3: 5.5
debian
8 месяцев назад

A heap-buffer-overflow vulnerability has been identified in the OpenDD ...

github логотип

GHSA-93cm-9ghm-5q5v

CVSS3: 5.5
github
8 месяцев назад

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.

fstec логотип

BDU:2025-03338

CVSS3: 5.5
fstec
8 месяцев назад

Уязвимость функции OpenDDLParser::parseStructure() библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 7%
0.00031
Низкий

5.5 Medium

CVSS3