A vulnerability was detected in Assimp up to 6.0.4
The Assimp library has a vulnerability that can cause a null pointer dereference when importing embedded textures. This can lead to a crash or potentially allow an attacker to execute arbitrary code. The issue is caused by a flaw in the glTF2Importer::ImportEmbeddedTextures function.
A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.
Developers using the Assimp library for 3D model importing are at low risk of a crash or code execution due to this local vulnerability.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
Affected Products: 0
References: 8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L