CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 5.0%
Assimp is vulnerable to a heap-based buffer overflow. The vulnerability is due to improper handling of crafted Polygon File Format (PLY) files within PlyLoader.cpp, which allows a local attacker to execute arbitrary code.
github.com/advisories/GHSA-rvvf-rc7q-23qm
github.com/assimp/assimp/commit/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
github.com/assimp/assimp/commit/ddb74c2bbdee1565dda667e85f0c82a0588c8053
github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
github.com/assimp/assimp/releases/tag/v5.4.2
jvn.jp/en/jp/JVN87710540/