assimp - Debian Package Tracker

general

source: assimp (main)
version: 5.4.3+ds-2
maintainer: IOhannes m zmölnig (Debian/GNU) (DMD)
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.1.0~dfsg-5
oldstable: 5.0.1~ds0-2
old-bpo: 5.2.5~ds0-1~bpo11+1
stable: 5.2.5~ds0-1
testing: 5.4.3+ds-2
unstable: 5.4.3+ds-2

versioned links

4.1.0~dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.1~ds0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.2.5~ds0-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.2.5~ds0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.3+ds-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

assimp-testmodels
assimp-utils
libassimp-dev
libassimp-doc
libassimp5
python3-pyassimp

action needed

7 security issues in trixie high

There are 7 open security issues in trixie.

7 important issues:

CVE-2022-38528: Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes.
CVE-2024-46632: Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
CVE-2024-48423: An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
CVE-2024-48424: A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
CVE-2024-48425: A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
CVE-2024-48426: A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
CVE-2024-53425: A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.

Created: 2023-06-11 Last update: 2024-12-19 19:00

7 security issues in sid high

There are 7 open security issues in sid.

7 important issues:

CVE-2022-38528: Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes.
CVE-2024-46632: Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
CVE-2024-48423: An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
CVE-2024-48424: A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
CVE-2024-48425: A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.
CVE-2024-48426: A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
CVE-2024-53425: A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.

Created: 2022-09-07 Last update: 2024-12-19 19:00

Depends on packages which need a new maintainer normal

The packages that assimp depends on which need a new maintainer are:

utfcpp (#1065736)
- Build-Depends: libutfcpp-dev

Created: 2024-03-03 Last update: 2025-01-20 13:34

lintian reports 7 warnings normal

Lintian reports 7 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-09-10 Last update: 2024-09-10 12:32

10 low-priority security issues in bookworm low

There are 10 open security issues in bookworm.

6 issues left for the package maintainer to handle:

CVE-2022-38528: (needs triaging) Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes.
CVE-2024-46632: (postponed; to be fixed through a stable update) Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
CVE-2024-48423: (postponed; to be fixed through a stable update) An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library.
CVE-2024-48424: (postponed; to be fixed through a stable update) A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files.
CVE-2024-48426: (needs triaging) A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
CVE-2024-53425: (postponed; to be fixed through a stable update) A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.

You can find information about how to handle these issues in the security team's documentation.

4 ignored issues:

CVE-2022-45748: An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
CVE-2024-40724: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
CVE-2024-45679: Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.
CVE-2024-48425: A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.

Created: 2023-06-10 Last update: 2024-12-19 19:00

debian/patches: 7 patches to forward upstream low

Among the 9 debian patches available in version 5.4.3+ds-2 of the package, we noticed the following issues:

7 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-09-10 08:31

Build log checks report 3 warnings low

Build log checks report 3 warnings

Created: 2023-06-29 Last update: 2024-07-17 22:06

testing migrations

This package will soon be part of the auto-draco transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2024-09-12] assimp 5.4.3+ds-2 MIGRATED to testing (Debian testing watch)
[2024-09-09] Accepted assimp 5.4.3+ds-2 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2024-07-20] assimp 5.4.2+ds-1 MIGRATED to testing (Debian testing watch)
[2024-07-17] Accepted assimp 5.4.2+ds-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2024-05-26] assimp 5.4.1+ds-1 MIGRATED to testing (Debian testing watch)
[2024-05-24] Accepted assimp 5.4.1+ds-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2024-05-01] assimp 5.4.0+ds-1 MIGRATED to testing (Debian testing watch)
[2024-05-01] assimp 5.4.0+ds-1 MIGRATED to testing (Debian testing watch)
[2024-04-08] Accepted assimp 5.4.0+ds-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2024-03-19] Accepted assimp 5.3.1+ds-2 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2023-10-26] assimp 5.3.1+ds-1 MIGRATED to testing (Debian testing watch)
[2023-10-22] Accepted assimp 5.3.1+ds-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2023-06-24] assimp 5.2.5~ds0-1.1 MIGRATED to testing (Debian testing watch)
[2023-06-21] Accepted assimp 5.2.5~ds0-1.1 (source) into unstable (Timo Röhling)
[2022-09-28] Accepted assimp 5.2.5~ds0-1~bpo11+1 (source) into bullseye-backports (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-09-19] assimp 5.2.5~ds0-1 MIGRATED to testing (Debian testing watch)
[2022-09-16] Accepted assimp 5.2.5~ds0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-09-04] Accepted assimp 5.2.4~ds0-3~bpo11+1 (source) into bullseye-backports (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-08-16] assimp 5.2.4~ds0-3 MIGRATED to testing (Debian testing watch)
[2022-08-16] assimp 5.2.4~ds0-3 MIGRATED to testing (Debian testing watch)
[2022-08-11] Accepted assimp 5.2.4~ds0-3 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-08-10] Accepted assimp 5.2.4~ds0-1.1 (source) into unstable (Timo Röhling)
[2022-05-23] Accepted assimp 5.2.4~ds0-1~bpo11+1 (source all amd64) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: IOhannes m zmölnig)
[2022-05-23] Accepted assimp 5.2.2~ds0-1~bpo11+1 (source all amd64) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: IOhannes m zmölnig)
[2022-05-20] assimp 5.2.4~ds0-1 MIGRATED to testing (Debian testing watch)
[2022-05-14] Accepted assimp 5.2.4~ds0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-02-27] assimp 5.2.2~ds0-1 MIGRATED to testing (Debian testing watch)
[2022-02-22] Accepted assimp 5.2.2~ds0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)
[2022-02-15] assimp 5.2.1~ds0-1 MIGRATED to testing (Debian testing watch)
[2022-02-09] Accepted assimp 5.2.1~ds0-1 (source) into unstable (IOhannes m zmölnig (Debian/GNU)) (signed by: IOhannes m zmölnig)

bugs [bug history graph]

all: 8
RC: 0
I&N: 8
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 7)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.3+ds-2
4 bugs