Candidate: CVE-2021-45948
PublicDate: 2022-01-01 00:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45948
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
 https://github.com/assimp/assimp/pull/4146
 https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0)
Description:
 Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based
 buffer overflow in _m3d_safestr (called from m3d_load and
 Assimp::M3DWrapper::M3DWrapper).
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_assimp:
 upstream: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2
upstream_assimp: released (5.1.1~ds0-1)
trusty_assimp: ignored (out of standard support, was not-affected)
xenial_assimp: ignored (out of standard support, was not-affected)
bionic_assimp: not-affected (code not present)
focal_assimp: not-affected (code not present)
hirsute_assimp: ignored (reached end-of-life)
impish_assimp: not-affected (code not present)
jammy_assimp: not-affected (5.2.2~ds0-1)
devel_assimp: not-affected (5.2.2~ds0-1)