PT-2023-9306 · Assimp+2 · Assimp+2
Concoctionsec
·
Published
2023-01-20
·
Updated
2024-08-07
·
CVE-2022-45748
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
assimp version 5.1.4
Description
A use after free issue occurred in the
ColladaParser::ExtractDataObjectFromChannel function, located in the /code/AssetLib/Collada/ColladaParser.cpp file. This issue is related to the implementation of the ColladaParser::ExtractDataObjectFromChannel() function in the Open Asset Import Library (Assimp), which is a library for importing 3D models. The exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential information.Recommendations
For assimp version 5.1.4, consider disabling the
ColladaParser::ExtractDataObjectFromChannel() function as a temporary workaround until a patch is available. Restrict access to the /code/AssetLib/Collada/ColladaParser.cpp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Red Os
Assimp