Описание
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
A flaw was found in the Assimp asset import library. An attacker may be able to trigger a segmentation fault using specially-crafted 3D model files. This can result in a denial of service due to invalid memory access.
Отчет
This vulnerability is considered moderate rather than important because it leads to a segmentation fault (application crash) due to a null pointer dereference, but it does not directly enable arbitrary code execution or privilege escalation. Exploitation requires specific conditions, such as the use of fuzz testing or specially crafted input files, which limit the likelihood of real-world attacks. It's important to note that this vulnerability does not impact any Red Hat products, indicating that Red Hat's software stack is unaffected by this specific CVE.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | qt5-qt3d | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMesh ...
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
Уязвимость функции Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode() библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3