{"id":"UBUNTU-CVE-2021-45948","details":"Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).","modified":"2025-07-16T07:20:02.969764Z","published":"2022-01-01T00:15:00Z","withdrawn":"2025-07-18T16:47:05Z","upstream":["CVE-2021-45948"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45948"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416"},{"type":"REPORT","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml"},{"type":"REPORT","url":"https://github.com/assimp/assimp/pull/4146"},{"type":"REPORT","url":"https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2021-45948"}],"affected":[{"package":{"name":"assimp","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/assimp@5.2.2~ds0-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.2~ds0-1"}]}],"versions":["5.0.1~ds0-2","5.0.1~ds0-3ubuntu1","5.1.4~ds0-1","5.1.5~ds0-1","5.1.6~ds0-1","5.2.0~ds0-2","5.2.1~ds0-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.2.2~ds0-1","binary_name":"assimp-testmodels"},{"binary_version":"5.2.2~ds0-1","binary_name":"assimp-utils"},{"binary_version":"5.2.2~ds0-1","binary_name":"assimp-utils-dbgsym"},{"binary_version":"5.2.2~ds0-1","binary_name":"libassimp-dev"},{"binary_version":"5.2.2~ds0-1","binary_name":"libassimp-doc"},{"binary_version":"5.2.2~ds0-1","binary_name":"libassimp5"},{"binary_version":"5.2.2~ds0-1","binary_name":"libassimp5-dbgsym"},{"binary_version":"5.2.2~ds0-1","binary_name":"python3-pyassimp"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-45948.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}