CVE-2024-40724

CVE-2024-40724

Name

CVE-2024-40724

Description

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://github.com/assimp/assimp/releases/tag/v5.4.2
	https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
	https://jvn.jp/en/jp/JVN87710540/

Type

URI

https://github.com/assimp/assimp/releases/tag/v5.4.2

https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97

https://jvn.jp/en/jp/JVN87710540/

Match rules

CPE URI	Source package	Min version	Max version
	assimp	== prior to 5.4.2	== prior to 5.4.2
`cpe:2.3:a:open_asset_import_library:open_asset_import_library::::::::`	open-asset-import-library	>= 0	< 5.4.2
`cpe:2.3:a:assimp:assimp::::::::`	assimp	>= None	< 5.4.2

CPE URI

Source package

Min version

Max version

assimp

== prior to 5.4.2

cpe:2.3:a:open_asset_import_library:open_asset_import_library:*:*:*:*:*:*:*:*

open-asset-import-library

>= 0

< 5.4.2

cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*

assimp

>= None

< 5.4.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
assimp	edge-community	5.4.3-r0	Russ Webber <russ@rw.id.au>	fixed
assimp	3.20-community	5.4.3-r0	Russ Webber <russ@rw.id.au>	fixed
assimp	3.21-community	5.4.3-r0	Russ Webber <russ@rw.id.au>	fixed

Source package

Branch

Version

Maintainer

Status

assimp

edge-community

5.4.3-r0

Russ Webber <russ@rw.id.au>

fixed

assimp

3.20-community