CVE-2024-48426

Published: Oct 24, 2024Modified: May 28, 2025

6.2

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.5 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).

Affected (1)

Products: Assimp: Assimp

Assimp

1 product

Assimp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Assimp Assimp	Version 5.4.3

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://github.com/assimp/assimp/issues/5789

Source: cve@mitre.org

ExploitIssue Tracking

Timeline

No history available yet.