CVE-2024-53425

CVSS 3.1 Score 6.2 of 10 (medium)

Details

Published: Nov 21, 2024
Updated: Nov 26, 2024
CWE ID 120

Summary

CVE-2024-53425 is a newly identified heap-buffer-overflow vulnerability affecting Assimp version 5.4.3. The issue arises in the SkipSpacesAndLineEnd function when processing malformed MD5 model files. It causes an out-of-bounds read, potentially resulting in an application crash. Successful exploitation could enable an attacker to execute arbitrary code within the Assimp software, posing a significant security risk. Users are advised to update to the latest version of Assimp to mitigate this vulnerability.
