
Bug 936586 (CVE-2024-40724)

Summary: <media-libs/assimp-5.4.2: heap-based buffer overflow
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: normal
CC: negril.nx+gentoo, proxy-maint
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [stable?]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2024-07-24 09:23:38 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=2298818 :

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

https://github.com/assimp/assimp/pull/5651/files