A flaw has been found in Assimp up to 6.0.4
The Assimp library has another vulnerability that can cause a null pointer dereference when importing meshes. This can lead to a crash or potentially allow an attacker to execute arbitrary code. The issue is caused by a flaw in the glTFImporter function.
A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug.
Developers using the Assimp library for 3D model importing are at low risk of a crash or code execution due to this local vulnerability.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0
Affected Products
7
References
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability
Impact