CVE-2021-45948

Published: 1 January 2022

Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
assimp Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	hirsute	Ignored (reached end-of-life)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (5.2.2~ds0-1)
	trusty	Ignored (out of standard support, was not-affected)
	upstream	Released (5.1.1~ds0-1)
	xenial	Ignored (out of standard support, was not-affected)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45948
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
https://github.com/assimp/assimp/pull/4146
https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0)
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›