A vulnerability has been found in Assimp up to 6.0.4
The Assimp library has a vulnerability that can cause a null pointer dereference when accessing a dictionary. This can lead to a crash or potentially allow an attacker to execute arbitrary code. The flaw is in the glTF2::LazyDict function in glTF2Asset.h.
A vulnerability has been found in Assimp up to 6.0.4. It affects the function glTF2::LazyDict in the library file glTF2Asset.h. Manipulation of the argument operator[] leads to a null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The patch is identified as d24b85319bd70c65883a2b96613e07e23fb95981. Applying the patch is the recommended way to resolve this issue.
Developers using the Assimp library for 3D model importing are at low risk of a crash or code execution due to this local vulnerability.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L