Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36905?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36905?format=api", "vulnerability_id": "VCID-6x7b-64wc-33em", "summary": "A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference.", "aliases": [ { "alias": "CVE-2024-48425" }, { "alias": "PYSEC-2024-293" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88481?format=api", "purl": "pkg:deb/debian/assimp@6.0.2%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.2%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88476?format=api", "purl": "pkg:deb/debian/assimp@6.0.5%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/195587?format=api", "purl": "pkg:deb/debian/assimp@6.0.5%2Bds-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@6.0.5%252Bds-1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195584?format=api", "purl": "pkg:deb/debian/assimp@5.0.1~ds0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2769-cud9-hkcn" }, { "vulnerability": "VCID-37k7-tuwy-dyct" }, { "vulnerability": "VCID-4tm6-dy3n-augf" }, { "vulnerability": "VCID-4tm8-3wd9-dqf9" }, { "vulnerability": "VCID-5tf3-by7a-f3at" }, { "vulnerability": "VCID-5x44-jvd4-syhe" }, { "vulnerability": "VCID-6x7b-64wc-33em" }, { "vulnerability": "VCID-861s-k1uk-bqbx" }, { "vulnerability": "VCID-8rpj-m2sm-eyf3" }, { "vulnerability": "VCID-bksb-5e47-rqh2" }, { "vulnerability": "VCID-d6x7-b6gs-1fb1" }, { "vulnerability": "VCID-djgx-f6hj-vqg2" }, { "vulnerability": "VCID-du1h-yess-hbg5" }, { "vulnerability": "VCID-fdr7-fg84-wfeq" }, { "vulnerability": "VCID-g1qd-w5jb-cyf9" }, { "vulnerability": "VCID-hj74-hb41-tqa6" }, { "vulnerability": "VCID-j9xp-r2a3-s3b2" }, { "vulnerability": "VCID-mbgu-qpfy-zqhn" }, { "vulnerability": "VCID-prr7-2dq5-yue8" }, { "vulnerability": "VCID-qc5z-gf33-n3fr" }, { "vulnerability": "VCID-rjmg-96sd-cbec" }, { "vulnerability": "VCID-spgf-2f8x-hugb" }, { "vulnerability": "VCID-vd98-9xk6-nyah" }, { "vulnerability": "VCID-wwrp-xbcf-q7ff" }, { "vulnerability": "VCID-zwgq-5655-8uhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.0.1~ds0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/88474?format=api", "purl": "pkg:deb/debian/assimp@5.0.1~ds0-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2769-cud9-hkcn" }, { "vulnerability": "VCID-37k7-tuwy-dyct" }, { "vulnerability": "VCID-4tm6-dy3n-augf" }, { "vulnerability": "VCID-4tm8-3wd9-dqf9" }, { "vulnerability": "VCID-5tf3-by7a-f3at" }, { "vulnerability": "VCID-5x44-jvd4-syhe" }, { "vulnerability": "VCID-6x7b-64wc-33em" }, { "vulnerability": "VCID-861s-k1uk-bqbx" }, { "vulnerability": "VCID-8rpj-m2sm-eyf3" }, { "vulnerability": "VCID-bksb-5e47-rqh2" }, { "vulnerability": "VCID-d6x7-b6gs-1fb1" }, { "vulnerability": "VCID-djgx-f6hj-vqg2" }, { "vulnerability": "VCID-du1h-yess-hbg5" }, { "vulnerability": "VCID-fdr7-fg84-wfeq" }, { "vulnerability": "VCID-g1qd-w5jb-cyf9" }, { "vulnerability": "VCID-hj74-hb41-tqa6" }, { "vulnerability": "VCID-j9xp-r2a3-s3b2" }, { "vulnerability": "VCID-mbgu-qpfy-zqhn" }, { "vulnerability": "VCID-prr7-2dq5-yue8" }, { "vulnerability": "VCID-qc5z-gf33-n3fr" }, { "vulnerability": "VCID-rjmg-96sd-cbec" }, { "vulnerability": "VCID-spgf-2f8x-hugb" }, { "vulnerability": "VCID-vd98-9xk6-nyah" }, { "vulnerability": "VCID-wwrp-xbcf-q7ff" }, { "vulnerability": "VCID-zwgq-5655-8uhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.0.1~ds0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/195585?format=api", "purl": "pkg:deb/debian/assimp@5.2.5~ds0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2769-cud9-hkcn" }, { "vulnerability": "VCID-37k7-tuwy-dyct" }, { "vulnerability": "VCID-4tm6-dy3n-augf" }, { "vulnerability": "VCID-4tm8-3wd9-dqf9" }, { "vulnerability": "VCID-5tf3-by7a-f3at" }, { "vulnerability": "VCID-5x44-jvd4-syhe" }, { "vulnerability": "VCID-6x7b-64wc-33em" }, { "vulnerability": "VCID-861s-k1uk-bqbx" }, { "vulnerability": "VCID-8rpj-m2sm-eyf3" }, { "vulnerability": "VCID-bksb-5e47-rqh2" }, { "vulnerability": "VCID-d6x7-b6gs-1fb1" }, { "vulnerability": "VCID-djgx-f6hj-vqg2" }, { "vulnerability": "VCID-du1h-yess-hbg5" }, { "vulnerability": "VCID-fdr7-fg84-wfeq" }, { "vulnerability": "VCID-g1qd-w5jb-cyf9" }, { "vulnerability": "VCID-hj74-hb41-tqa6" }, { "vulnerability": "VCID-j9xp-r2a3-s3b2" }, { "vulnerability": "VCID-mbgu-qpfy-zqhn" }, { "vulnerability": "VCID-prr7-2dq5-yue8" }, { "vulnerability": "VCID-qc5z-gf33-n3fr" }, { "vulnerability": "VCID-rjmg-96sd-cbec" }, { "vulnerability": "VCID-spgf-2f8x-hugb" }, { "vulnerability": "VCID-vd98-9xk6-nyah" }, { "vulnerability": "VCID-wwrp-xbcf-q7ff" }, { "vulnerability": "VCID-zwgq-5655-8uhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.2.5~ds0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/88472?format=api", "purl": "pkg:deb/debian/assimp@5.2.5~ds0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2769-cud9-hkcn" }, { "vulnerability": "VCID-37k7-tuwy-dyct" }, { "vulnerability": "VCID-4tm6-dy3n-augf" }, { "vulnerability": "VCID-4tm8-3wd9-dqf9" }, { "vulnerability": "VCID-5tf3-by7a-f3at" }, { "vulnerability": "VCID-5x44-jvd4-syhe" }, { "vulnerability": "VCID-6x7b-64wc-33em" }, { "vulnerability": "VCID-861s-k1uk-bqbx" }, { "vulnerability": "VCID-8rpj-m2sm-eyf3" }, { "vulnerability": "VCID-bksb-5e47-rqh2" }, { "vulnerability": "VCID-d6x7-b6gs-1fb1" }, { "vulnerability": "VCID-djgx-f6hj-vqg2" }, { "vulnerability": "VCID-du1h-yess-hbg5" }, { "vulnerability": "VCID-fdr7-fg84-wfeq" }, { "vulnerability": "VCID-g1qd-w5jb-cyf9" }, { "vulnerability": "VCID-hj74-hb41-tqa6" }, { "vulnerability": "VCID-j9xp-r2a3-s3b2" }, { "vulnerability": "VCID-mbgu-qpfy-zqhn" }, { "vulnerability": "VCID-prr7-2dq5-yue8" }, { "vulnerability": "VCID-qc5z-gf33-n3fr" }, { "vulnerability": "VCID-rjmg-96sd-cbec" }, { "vulnerability": "VCID-spgf-2f8x-hugb" }, { "vulnerability": "VCID-vd98-9xk6-nyah" }, { "vulnerability": "VCID-wwrp-xbcf-q7ff" }, { "vulnerability": "VCID-zwgq-5655-8uhv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.2.5~ds0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88477?format=api", "purl": "pkg:deb/debian/assimp@5.4.3%2Bds-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2769-cud9-hkcn" }, { "vulnerability": "VCID-37k7-tuwy-dyct" }, { "vulnerability": "VCID-4tm8-3wd9-dqf9" }, { "vulnerability": "VCID-5tf3-by7a-f3at" }, { "vulnerability": "VCID-5x44-jvd4-syhe" }, { "vulnerability": "VCID-6x7b-64wc-33em" }, { "vulnerability": "VCID-861s-k1uk-bqbx" }, { "vulnerability": "VCID-8rpj-m2sm-eyf3" }, { "vulnerability": "VCID-d6x7-b6gs-1fb1" }, { "vulnerability": "VCID-djgx-f6hj-vqg2" }, { "vulnerability": "VCID-du1h-yess-hbg5" }, { "vulnerability": "VCID-fdr7-fg84-wfeq" }, { "vulnerability": "VCID-g1qd-w5jb-cyf9" }, { "vulnerability": "VCID-hj74-hb41-tqa6" }, { "vulnerability": "VCID-j9xp-r2a3-s3b2" }, { "vulnerability": "VCID-mbgu-qpfy-zqhn" }, { "vulnerability": "VCID-prr7-2dq5-yue8" }, { "vulnerability": "VCID-qc5z-gf33-n3fr" }, { "vulnerability": "VCID-rjmg-96sd-cbec" }, { "vulnerability": "VCID-spgf-2f8x-hugb" }, { "vulnerability": "VCID-vd98-9xk6-nyah" }, { "vulnerability": "VCID-wwrp-xbcf-q7ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.3%252Bds-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/195586?format=api", "purl": "pkg:deb/debian/assimp@5.4.3%2Bds-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2769-cud9-hkcn" }, { "vulnerability": "VCID-37k7-tuwy-dyct" }, { "vulnerability": "VCID-4tm8-3wd9-dqf9" }, { "vulnerability": "VCID-5tf3-by7a-f3at" }, { "vulnerability": "VCID-5x44-jvd4-syhe" }, { "vulnerability": "VCID-6x7b-64wc-33em" }, { "vulnerability": "VCID-861s-k1uk-bqbx" }, { "vulnerability": "VCID-8rpj-m2sm-eyf3" }, { "vulnerability": "VCID-d6x7-b6gs-1fb1" }, { "vulnerability": "VCID-djgx-f6hj-vqg2" }, { "vulnerability": "VCID-du1h-yess-hbg5" }, { "vulnerability": "VCID-fdr7-fg84-wfeq" }, { "vulnerability": "VCID-g1qd-w5jb-cyf9" }, { "vulnerability": "VCID-hj74-hb41-tqa6" }, { "vulnerability": "VCID-j9xp-r2a3-s3b2" }, { "vulnerability": "VCID-mbgu-qpfy-zqhn" }, { "vulnerability": "VCID-prr7-2dq5-yue8" }, { "vulnerability": "VCID-qc5z-gf33-n3fr" }, { "vulnerability": "VCID-rjmg-96sd-cbec" }, { "vulnerability": "VCID-spgf-2f8x-hugb" }, { "vulnerability": "VCID-vd98-9xk6-nyah" }, { "vulnerability": "VCID-wwrp-xbcf-q7ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/assimp@5.4.3%252Bds-2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22733", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22826", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2278", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2273", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22841", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/assimp/assimp/issues/5791", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T18:18:50Z/" } ], "url": "https://github.com/assimp/assimp/issues/5791" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086044", "reference_id": "1086044", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086044" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321631", "reference_id": "2321631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321631" } ], "weaknesses": [ { "cwe_id": 122, "name": "Heap-based Buffer Overflow", "description": "A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()." } ], "exploits": [], "severity_range_score": "5.5 - 5.5", "exploitability": "0.5", "weighted_severity": "5.0", "risk_score": 2.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6x7b-64wc-33em" }