PT-2024-31725 · Assimp+3

Yuhei Kawakoya · Published 2024-09-17 · Updated 2025-08-13 · CVE-2024-45679

CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Assimp versions prior to 5.4.3
Description: A heap-based buffer overflow allows a local attacker to execute arbitrary code when a specially crafted file is imported through the product's import functionality.
Recommendations: For versions prior to 5.4.3, update to version 5.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the import of files from untrusted sources until the update is applied.

Fix

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2025-10063
BDU:2025-02665
CVE-2024-45679
OESA-2024-2194
OESA-2024-2195
OESA-2024-2196
OESA-2024-2197
OPENSUSE-SU-2024:14342-1

Affected Products

Alt Linux
Assimp
Debian
Red Os