Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-09-26
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-09-18
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-19
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-01-20
Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-09-06
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).
CVSS Score
5.5
EPSS Score
0.002
Published
2022-01-01
Page 5