PT-2022-5112 · Assimp+2 · Assimp+2
0Xdd96
·
Published
2022-07-26
·
Updated
2022-10-17
·
CVE-2022-38528
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Open Asset Import Library (Assimp) versions prior to the version containing the fix for the segmentation violation in Assimp::XFileImporter::CreateMeshes()
Description
The issue is related to a segmentation violation in the Assimp::XFileImporter::CreateMeshes() function of the Open Asset Import Library (Assimp). This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with the component Assimp::XFileImporter::CreateMeshes.
Recommendations
For Open Asset Import Library (Assimp) versions prior to the version containing the fix, consider disabling the
Assimp::XFileImporter::CreateMeshes() function until a patch is available to prevent potential exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Assimp
Debian
Red Os