CVE-2024-40724

EUVD-2024-38589
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
assimpassimp
𝑥
< 5.4.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
open_asset_import_libraryopen_asset_import_library
𝑥
< 5.4.2
ADP
Debian logo
Debian Releases
Debian Product
Codename
assimp
bookworm
ignored
bullseye
no-dsa
forky
6.0.2+ds-1
fixed
sid
6.0.2+ds-1
fixed
trixie
5.4.3+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
assimp
bionic
needed
focal
needed
jammy
needed
noble
needed
oracular
not-affected
plucky
not-affected
questing
not-affected
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libQt53DAnimation-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DAnimation5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DCore-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DCore5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DExtras-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DExtras5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DInput-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DInput5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DLogic-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DLogic5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuick-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuick5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickAnimation-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickAnimation5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickExtras-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickExtras5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickInput-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickInput5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickRender-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickRender5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickScene2D-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DQuickScene2D5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DRender-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libQt53DRender5
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libqt5-qt3d-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libqt5-qt3d-imports
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libqt5-qt3d-private-headers-devel
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
libqt5-qt3d-tools
suse enterprise sap 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise sap 15 SP3
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP2
5.12.7-150200.4.3.1
fixed
suse enterprise server 15 SP3
5.12.7-150200.4.3.1
fixed
Common Weakness Enumeration
References
https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
https://github.com/assimp/assimp/releases/tag/v5.4.2
https://jvn.jp/en/jp/JVN87710540/
https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
https://github.com/assimp/assimp/releases/tag/v5.4.2
https://jvn.jp/en/jp/JVN87710540/