CVE-2024-53425
CVSS 3.1 Score 6.2 of 10 (medium)
Details
Published Nov 21, 2024
Updated: Nov 26, 2024
CWE ID 120
Summary
CVE-2024-53425 is a newly identified heap-buffer-overflow vulnerability affecting Assimp version 5.4.3. This issue arises when processing malformed MD5 model files in the SkipSpacesAndLineEnd function. The consequence of this vulnerability is an out-of-bounds read, potentially resulting in an application crash. Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code within the Assimp software, posing a significant security risk. Users are advised to update to the latest version of Assimp to mitigate this vulnerability.
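The bug class described in the summary, shown as an added illustration that is not Assimp's source code: a whitespace and line-end skipper that trusts a terminator, next to one that takes an explicit end pointer. The function names, the skipped character set and the sample buffers are assumptions constructed for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed skippable set for this sketch: space, tab, CR, LF. */
static bool is_space_or_eol(char c) {
    return c == ' ' || c == '\t' || c == '\r' || c == '\n';
}

/* Unbounded pattern: relies on a NUL or other non-blank byte appearing
 * before the allocation ends. If a file buffer ends in blanks with no
 * terminator, this loop keeps reading past the heap block. */
static const char *skip_blank_unbounded(const char *in) {
    while (is_space_or_eol(*in)) ++in;
    return in;
}

/* Bounded pattern: the end pointer is checked before every dereference,
 * so the scan stops at the buffer boundary whatever the input holds. */
static const char *skip_blank_bounded(const char *in, const char *end) {
    while (in < end && is_space_or_eol(*in)) ++in;
    return in;
}

/* Offset of the first significant byte, or len when only blanks remain. */
static size_t first_token_offset(const char *buf, size_t len) {
    return (size_t)(skip_blank_bounded(buf, buf + len) - buf);
}

int main(void) {
    /* Constructed input: ends in blanks and has no NUL terminator. */
    const char tail[4] = {' ', '\n', '\t', '\r'};
    /* Constructed input: well-formed, a token follows the blanks. */
    const char ok[] = " \r\n joint";

    printf("blank-only buffer: offset %zu of %zu\n",
           first_token_offset(tail, sizeof tail), sizeof tail);
    printf("well-formed buffer: offset %zu\n",
           first_token_offset(ok, sizeof ok - 1));
    /* The unbounded form is only safe here because ok is NUL-terminated. */
    printf("unbounded on terminated input stops at '%c'\n",
           *skip_blank_unbounded(ok));
    return 0;
}
```

Building a parser with AddressSanitizer (`-fsanitize=address`) and feeding it truncated or blank-terminated inputs surfaces this class of read as a heap-buffer-overflow report.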
Affected Products
- Assimp