CVE-2024-40724

Published: 19 July 2024

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
assimp Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Needed
	jammy	Needed
	noble	Needed
	upstream	Released (5.4.2+ds-1)
	xenial	Needed

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://www.cve.org/CVERecord?id=CVE-2024-40724
https://github.com/assimp/assimp/commit/ddb74c2bbdee1565dda667e85f0c82a0588c8053 (v5.4.2)
https://github.com/assimp/assimp/releases/tag/v5.4.2
https://github.com/assimp/assimp/pull/5651/commits/614911bb3b1bfc3a1799ae2b3cca306270f3fb97
https://jvn.jp/en/jp/JVN87710540/
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/2077445

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›