assimp CVE Vulnerabilities & Metrics

About assimp Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with assimp. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Critical assimp CVEs (CVSS ≥ 9) Over 20 Years

Top 5 Highest CVSS assimp CVEs

These are the five CVEs with the highest CVSS scores for assimp, sorted by severity first and recency.

• CVE-2021-45948 assimp Published on 01 Jan 2022, 00:15 UTC (CVSS: 4.3)
  Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).
• CVE-2024-48423 assimp Published on 24 Oct 2024, 21:15 UTC (CVSS: 0)
  An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
• CVE-2024-40724 assimp Published on 19 Jul 2024, 08:15 UTC (CVSS: 0)
  Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
• CVE-2022-45748 assimp Published on 20 Jan 2023, 19:15 UTC (CVSS: 0)
  An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
• CVE-2022-38528 assimp Published on 06 Sep 2022, 23:15 UTC (CVSS: 0)
  Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes.

All CVEs for assimp