Sand

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 6.0.2 **Description** A flaw exists within the Open Asset Import Library Assimp. The issue is related to resource allocation and occurs in the `Q3DImporter::InternReadFile` function located in the file `assimp/code/AssetLib/Q3D/Q3DLoader.cpp`. The exploitation of this issue is limited to local execution. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 6.0.2 **Description** A heap-based buffer overflow exists in the function `ODDLParser::getNextSeparator` within the `assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h` library. This issue can be triggered locally and an exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 6.0.2 **Description** A flaw exists in Open Asset Import Library Assimp 6.0.2 within the `Q3DImporter::InternReadFile` function located in the `assimp/code/AssetLib/Q3D/Q3DLoader.cpp` file. This can lead to a heap-based buffer overflow. The issue is exploitable locally, and details about the exploit are publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OGRECave Ogre versions up to 14.4.1 **Description** A security flaw exists in OGRECave Ogre, potentially leading to a heap-based buffer overflow. The issue is located within the `STBIImageCodec::encode` function in the `/ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp` file of the Image Handler component. Exploitation requires local access. The exploit has been publicly released. **Recommendations** Versions prior to 14.4.1 should be updated. As a temporary workaround, consider restricting access to the vulnerable file `/ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BehaviorTree versions prior to 4.7.0 **Description** A flaw exists in BehaviorTree due to a null pointer dereference in the `JsonExporter::fromJson` function located in `/src/json export.cpp`. Manipulation of the `Source` argument triggers this issue. The exploit is publicly available and requires local access. **Recommendations** Install the patch 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d to address this issue.

**Name of the Vulnerable Software and Affected Versions** OGRECave Ogre versions prior to 14.4.1 **Description** A flaw exists in OGRECave Ogre that allows for a null pointer dereference. This occurs due to manipulation of the `mDefaultLog` argument within the `Ogre::LogManager::stream` function, located in the file `/ogre/OgreMain/src/OgreLogManager.cpp`. The issue is exploitable from a local position and the exploit is publicly available. **Recommendations** Update to a version newer than 14.4.1.

**Name of the Vulnerable Software and Affected Versions** OGRECave Ogre versions through 14.4.1 **Description** A flaw exists in OGRECave Ogre that relates to mismatched memory management routines. This issue is present in the `STBIImageCodec::encode` function located in the file `/ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp`. Exploitation is limited to local execution, and the exploit has been publicly released. **Recommendations** Update to a version beyond 14.4.1.

**Name of the Vulnerable Software and Affected Versions** BehaviorTree versions prior to 4.7.0 **Description** A flaw exists in BehaviorTree that could lead to a stack-based buffer overflow. This issue is related to the manipulation of the `error msgs buffer` argument within the `ParseScript` function located in the `/src/script parser.cpp` file of the Diagnostic Message Handler component. The exploit has been publicly disclosed and can be executed locally. **Recommendations** Apply the patch cb6c7514efa628adb8180b58b4c9ccdebbe096e3 to remediate this issue.

**Name of the Vulnerable Software and Affected Versions** BehaviorTree versions prior to 4.7.1 **Description** A flaw exists in BehaviorTree due to a null pointer dereference within the `XMLParser::PImpl::loadDocImpl` function located in the `/src/xml parsing.cpp` file of the XML Parser component. This issue can be triggered locally. The exploit is publicly available. **Recommendations** Update BehaviorTree to version 4.7.1 or later. As a temporary workaround, consider restricting access to the XML Parser component to minimize the risk of exploitation.