HDF5 · CVE-2025-2153
**Name of the Vulnerable Software and Affected Versions**
HDF5 version 1.14.6
**Description**
A critical issue was found in the `H5SM_delete` function of the `h5 File Handler` component, located in the file `H5SM.c`. The issue leads to a heap-based buffer overflow. The attack can be launched remotely, but it has high complexity and is considered difficult to exploit. The exploit has been publicly disclosed.
**Recommendations**
For HDF5 version 1.14.6, as a temporary workaround, consider disabling the `H5SM_delete` function until a patch is available. Restrict access to the `h5 File Handler` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.