CVE-2024-40724

Published: 7/19/2024 Last updated: 3/25/2025 Reserved: 7/9/2024

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

CNA assigner: jpcert (ede6fdc4-6654-4307-a26d-3331c018e2ce) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	8.4	High	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

assimp conf-assimp

Products affected (1)

Product	Vendor	Version
Assimp	Open Asset Import Library	< 10.0.17763.2061

References (6)

https://github.com/assimp/assimp/releases/tag/v5.4.2
https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
https://jvn.jp/en/jp/JVN87710540/
https://github.com/assimp/assimp/releases/tag/v5.4.2
https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
https://jvn.jp/en/jp/JVN87710540/