CVE-2024-48426
Public on 2024-10-24
Modified on 2026-05-14
Description
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. The crash occurred due to a read access to an invalid memory address (0x1000c9714971).
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
Amazon Linux will not provide fixes for: CVE-2024-48426, CVE-2025-2752, CVE-2025-15538, CVE-2025-6119, CVE-2025-11275, CVE-2025-11274. These issues can only be triggered when processing specially crafted 3D model files from untrusted sources. The vulnerabilities are rated low to moderate severity and fixing them carries a high risk of regressions in 3D rendering functionality. Customers are advised to only use 3D asset files from trusted sources. No fix is planned for Amazon Linux at this time.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | qt5-qt3d | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |