Описание
Security update for libqt5-qtquick3d
This update for libqt5-qtquick3d fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228199)
Other fixes:
- Fix progressive anti-aliasing, which doesn't work if any object in the scene used a PrincipledMaterial
- Skip processing unknown uniforms, such as those that are vendor specific:
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP5
libQt5Quick3D5-5.15.8+kde1-150500.3.3.1
libQt5Quick3DAssetImport5-5.15.8+kde1-150500.3.3.1
openSUSE Leap 15.5
libQt5Quick3D5-5.15.8+kde1-150500.3.3.1
libQt5Quick3DAssetImport5-5.15.8+kde1-150500.3.3.1
libqt5-qtquick3d-devel-5.15.8+kde1-150500.3.3.1
libqt5-qtquick3d-examples-5.15.8+kde1-150500.3.3.1
libqt5-qtquick3d-imports-5.15.8+kde1-150500.3.3.1
libqt5-qtquick3d-private-headers-devel-5.15.8+kde1-150500.3.3.1
libqt5-qtquick3d-tools-5.15.8+kde1-150500.3.3.1
Ссылки
- Link for SUSE-SU-2024:3078-1
- E-Mail link for SUSE-SU-2024:3078-1
- SUSE Security Ratings
- SUSE Bug 1228199
- SUSE CVE CVE-2024-40724 page
Описание
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP5:libQt5Quick3D5-5.15.8+kde1-150500.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:libQt5Quick3DAssetImport5-5.15.8+kde1-150500.3.3.1
openSUSE Leap 15.5:libQt5Quick3D5-5.15.8+kde1-150500.3.3.1
openSUSE Leap 15.5:libQt5Quick3DAssetImport5-5.15.8+kde1-150500.3.3.1
Ссылки
- CVE-2024-40724
- SUSE Bug 1228142