diff --git a/CVE-2024-48425.patch b/CVE-2024-48425.patch new file mode 100644 index 0000000000000000000000000000000000000000..d10d2a9e4736533c9f0c6b22adab1f7923316909 --- /dev/null +++ b/CVE-2024-48425.patch @@ -0,0 +1,29 @@ +From ecdf8d24b85367b22ba353b4f82299d4af7f1f97 Mon Sep 17 00:00:00 2001 +From: Kim Kulling +Date: Mon, 7 Oct 2024 10:30:45 +0200 +Subject: [PATCH] SplitLargeMeshes: Fix crash (#5799) + +- Fix nullptr access when rootnode of the scene is a nullptr. This can happen even if the scene stores any kind of meshes. closes https://github.com/assimp/assimp/issues/5791 +--- + code/PostProcessing/SplitLargeMeshes.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/code/PostProcessing/SplitLargeMeshes.cpp b/code/PostProcessing/SplitLargeMeshes.cpp +index 3bee28521..cb9727651 100644 +--- a/code/PostProcessing/SplitLargeMeshes.cpp ++++ b/code/PostProcessing/SplitLargeMeshes.cpp +@@ -100,6 +100,11 @@ void SplitLargeMeshesProcess_Triangle::SetupProperties( const Importer* pImp) { + // ------------------------------------------------------------------------------------------------ + // Update a node after some meshes have been split + void SplitLargeMeshesProcess_Triangle::UpdateNode(aiNode* pcNode, const std::vector >& avList) { ++ if (pcNode == nullptr) { ++ ASSIMP_LOG_WARN("UpdateNode skipped, nullptr detected."); ++ return; ++ } ++ + // for every index in out list build a new entry + std::vector aiEntries; + aiEntries.reserve(pcNode->mNumMeshes + 1); +-- +2.33.0 + diff --git a/assimp.spec b/assimp.spec index d537004de00284ca6e09be9e90fdb459a1536c34..6bd82f5f216fa4d55c200660c1f53bb0565bd6fe 100644 --- a/assimp.spec +++ b/assimp.spec @@ -1,6 +1,6 @@ Name: assimp Version: 5.3.1 -Release: 4 +Release: 5 Summary: Library to load and process various 3D model formats into applications. License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0 URL: http://www.assimp.org/ @@ -14,6 +14,7 @@ Source0: assimp-%{version}-free.tar.xz Patch01: CVE-2024-40724-Fix-out-of-bound-access-5651.patch Patch02: CVE-2024-45679.patch +Patch03: CVE-2024-48425.patch BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib) @@ -93,6 +94,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass %{python3_sitelib}/pyassimp %changelog +* Sat Oct 26 2024 liningjie - 5.3.1-5 +- Fix CVE-2024-48425 + * Thu Sep 19 2024 wangkai <13474090681@163.com> - 5.3.1-4 - fix CVE-2024-45679