Key information

Vulnerability description
Vulnerability ID: JVN#42386607
Vulnerability name: Assimp vulnerable to heap-based buffer overflow
Affected product: Assimp versions prior to 5.4.3

Impact
Vulnerability type: Heap-based buffer overflow
Description: PlyLoader.cpp of Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability (CWE-122).

Affected scope
Affected versions: Assimp versions prior to 5.4.3

Solution
Recommendation: Update the Software
Update: Update the software to the latest version according to the information provided by the developer.
Fixed: The developer has released version 5.4.3 that contains a fix for this vulnerability.

Vendor status
Vendor: Open Asset Import Library
Link: The Assimp 5.4.3 Bugfix Release

References
Vulnerability Analysis by JPCERT/CC
- CVSS v3: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Base Score: 8.4

Credit
Reporter: Yuhei Kawakoya of NTT Security Holdings
Coordination: JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other information
CVE: CVE-2024-45679
JVN iPedia: JVNDB-2024-000099

Summary
Vulnerability type: Heap-based buffer overflow
Affected versions: Assimp versions prior to 5.4.3
Solution: Update to the latest version (5.4.3)
Vendor status: Fixed
Credit: Reported by Yuhei Kawakoya of NTT Security Holdings
Coordination: Coordinated through the Information Security Early Warning Partnership
Other information: Includes the CVE number and the JVN iPedia link