A vulnerability was found in Assimp up to 6.0.4
A heap-based buffer overflow vulnerability exists in the glTFCommon::CopyValue function of the Assimp library, which can be exploited by manipulating 4x4 matrix parser data. This can lead to arbitrary code execution. The vulnerability can be triggered locally.
A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the file glTFCommon.h of the component 4x4 Matrix Parser. Manipulation of the input results in a heap-based buffer overflow. The attack must be initiated locally. The exploit has been made public and could be used. The project tagged the reported issue as a bug.
Developers using Assimp library versions up to 6.0.4 are at risk of arbitrary code execution via locally triggered exploits.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products: 0
References: 7