CVE-2024-45679

Published: 9/18/2024 Last updated: 9/18/2024 Reserved: 9/3/2024

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.

CNA assigner: jpcert (ede6fdc4-6654-4307-a26d-3331c018e2ce) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	8.4	High	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

assimp conf-assimp

Products affected (1)

Product	Vendor	Version
Assimp	Open Asset Import Library	7.5.6

References (2)

https://github.com/assimp/assimp/releases/tag/v5.4.3
https://jvn.jp/en/jp/JVN42386607/