Tygls

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A heap-based buffer overflow occurs in the Half-Life 1 MDL Loader component. The issue is located within the `read meshes()` function of the HL1MDLLoader.cpp file. This flaw allows for local execution of an attack. **Recommendations** Update to version 6.0.5 or later. As a temporary workaround, restrict the use of the Half-Life 1 MDL Loader component.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A heap-based buffer overflow occurs in the Half-Life 1 MDL Loader component within the `read animations()` function of the HL1MDLLoader.cpp file. This issue requires local access to be exploited. **Recommendations** Update to version 6.0.5 or later. As a temporary workaround, restrict the use of the `read animations()` function in the Half-Life 1 MDL Loader component.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A heap-based buffer overflow occurs in the Half-Life 1 MDL Loader component within the `HL1MDLLoader::extract anim value()` function of the HL1MDLLoader.cpp file. This issue is triggered by manipulating the `num.total` argument and requires the attack to be initiated from a local position. **Recommendations** Update to version 6.0.5 or later. As a temporary workaround, restrict the use of the Half-Life 1 MDL Loader component.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A use after free issue exists in the ASE File Parser component within the `aiNode::~aiNode()` function of the scene.cpp file. This flaw allows a local attacker to execute a manipulation that leads to the use of memory after it has been freed. **Recommendations** Update to version 6.0.5 or later. As a temporary workaround, restrict the use of the ASE File Parser component.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** An out-of-bounds read occurs in the Half-Life 1 MDL Loader component within the `HL1MDLLoader::read sequence infos()` function of the HL1MDLLoader.cpp file. This issue is triggered by the manipulation of the `aiString` argument and requires local access to be exploited. **Recommendations** Update to version 6.0.5 or later. As a temporary workaround, restrict the use of the `HL1MDLLoader::read sequence infos()` function.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A null pointer dereference occurs in the TF File Handler component within the `glTF2Importer::ImportEmbeddedTextures()` function located in the `code/AssetLib/glTF2/glTF2Importer.cpp` library file. This issue can be triggered through local access by manipulating the input processed by the function. **Recommendations** Apply the available patch to resolve the issue. As a temporary mitigation, restrict local access to the `glTF2Importer::ImportEmbeddedTextures()` function.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A null pointer dereference occurs in the `glTFImporter` component within the `Assimp::glTFImporter::ImportMeshes()` function of the `glTFImporter.cpp` file. This issue allows for local execution attacks. **Recommendations** Update to a version later than 6.0.4. As a temporary workaround, restrict the use of the `Assimp::glTFImporter::ImportMeshes()` function.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A null pointer dereference occurs in the `glTF2::LazyDict` function within the `glTF2Asset.h` library. This issue is triggered by the manipulation of the `operator[]` argument and requires local access to be exploited. **Recommendations** Apply patch d24b85319bd70c65883a2b96613e07e23fb95981 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A heap-based buffer overflow exists in the 4x4 Matrix Parser component within the `glTFCommon.h` library. This issue occurs in the `glTFCommon::CopyValue()` function and can be triggered by a local attacker through specific manipulation, potentially allowing for arbitrary code execution. **Recommendations** Update to version 6.0.5 or later. As a temporary workaround, restrict the use of the `glTFCommon::CopyValue()` function in the 4x4 Matrix Parser component.

**Name of the Vulnerable Software and Affected Versions** Assimp versions prior to 6.0.5 **Description** A divide by zero error exists in the UV Channel Handler component within the `FBXExporter::WriteObjects()` function of the `FBXExporter.cpp` file. This issue can be triggered through local manipulation. **Recommendations** Update to a version later than 6.0.4 to resolve this issue. As a temporary mitigation, restrict the use of the `FBXExporter::WriteObjects()` function.

**Name of the Vulnerable Software and Affected Versions** ggml-org llama.cpp versions prior to 55abc39 **Description** A flaw exists in the GBNF Grammar Handler component of ggml-org llama.cpp. Specifically, the `llama grammar advance stack` function within the `llama.cpp/src/llama-grammar.cpp` file is susceptible to a stack-based buffer overflow. This manipulation requires local access to launch the attack. An exploit for this issue has been published. **Recommendations** Apply patch 18993.