CVE-2022-45748

Name of the Vulnerable Software and Affected Versions assimp version 5.1.4

Description A use after free issue occurred in the ColladaParser::ExtractDataObjectFromChannel function, located in the /code/AssetLib/Collada/ColladaParser.cpp file. This issue is related to the implementation of the ColladaParser::ExtractDataObjectFromChannel() function in the Open Asset Import Library (Assimp), which is a library for importing 3D models. The exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential information.

Recommendations For assimp version 5.1.4, consider disabling the ColladaParser::ExtractDataObjectFromChannel() function as a temporary workaround until a patch is available. Restrict access to the /code/AssetLib/Collada/ColladaParser.cpp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.