Description
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
A flaw was found in the Asset Import Library (Assimp). A maliciously crafted 3D model file can trigger this segmentation fault, causing the application to crash.
Report
The segmentation fault detected in the SortByPTypeProcess::Execute function of the Assimp library is classified as a Moderate severity vulnerability rather than Important due to the context of its impact and exploitability. While the fault can lead to a program crash and disrupt normal operations, it does not inherently allow for arbitrary code execution or data corruption, which are characteristics typically associated with higher-severity vulnerabilities. Furthermore, the issue arises specifically during fuzz testing, indicating that it requires unusual or malformed input to trigger, limiting its potential exploitation in typical usage scenarios.
It's important to note that this vulnerability does not impact any Red Hat products, indicating that Red Hat's software stack is unaffected by this specific CVE.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | qt5-qt3d | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 6.2 Medium