Debian Assimp vulnerabilities

CVE-2024-46632 [MEDIUM] CVE-2024-46632: assimp - Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshF... Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2024-48424 [MEDIUM] CVE-2024-48424: assimp - A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::p... A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 6.0.2+ds-1) sid: resolved (fixed in 6.0.2+ds-1) trixie: open

CVE-2024-53425 [MEDIUM] CVE-2024-53425: assimp - A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd ... A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 6.0.2+ds-1) sid: resolved (fixed in 6.0.2+ds-1) trixie:

CVE-2024-48426 [MEDIUM] CVE-2024-48426: assimp - A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute func... A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971). Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2022-45748 [HIGH] CVE-2022-45748: assimp - An issue was discovered with assimp 5.1.4, a use after free occurred in function... An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 5.3.1+ds-2) sid: resolved (fixed in 5.3.1+ds-2) trixie: resolved (fixed in 5.3.1+ds-2)

CVE-2022-38528 [MEDIUM] CVE-2022-38528: assimp - Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a se... Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2021-45948 [MEDIUM] CVE-2021-45948: assimp - Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer o... Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). Scope: local bookworm: resolved (fixed in 5.1.1~ds0-1) bullseye: resolved forky: resolved (fixed in 5.1.1~ds0-1) sid: resolved (fixed in 5.1.1~ds0-1) trixie: resolved (fixed in 5.1.1~ds0-1)