Bug 1203187 (CVE-2022-38528)

Summary:	VUL-1: CVE-2022-38528: assimp: segmentation fault in Assimp::XFileImporter::CreateMeshes
Product:	[openSUSE] openSUSE Tumbleweed	Reporter:	Carlos López <carlos.lopez>
Component:	Security	Assignee:	Christophe Marin <christophe>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P4 - Low
Version:	Current
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/341671/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Carlos López 2022-09-07 05:58:32 UTC

CVE-2022-38528

Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a
segmentation violation via the component Assimp::XFileImporter::CreateMeshes.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38528
https://www.cve.org/CVERecord?id=CVE-2022-38528
https://github.com/assimp/assimp/issues/4662

Comment 1 Christophe Marin 2022-10-19 07:45:54 UTC

Still no upstream fix for the moment.