Open Asset Import Library Assimp Uncontrolled Memory Allocation Vulnerability in Q3D Importer

Vulnerability

Open Asset Import Library (Assimp) version 6.0.2 contains an uncontrolled memory allocation vulnerability in the Q3DImporter::InternReadFile function of Q3DLoader.cpp. The importer reads the number of materials from the input file and uses it to size an allocation without validating it. An attacker can manipulate this value to request an allocation that significantly exceeds the available memory, leading to a crash. The issue has been publicly disclosed and can be exploited locally.

Impact

Exploitation of this vulnerability terminates the process with an allocation size error: the requested memory exceeds the maximum supported size.

Reproduction

The vulnerability can be reproduced by compiling Assimp with Clang 13.0.1, using the AddressSanitizer and UndefinedBehaviorSanitizer. After building the library, a fuzzer can be used to test the Q3D importer with a crafted file that specifies an excessively large number of materials. This will trigger the allocation error, causing the program to crash.
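
The missing validation described under Vulnerability can be illustrated with a bound check on a file-supplied count. The following is an added example, not Assimp's code or its fix: the record type, the 16-byte minimum record size, the file layout and all function names are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical in-memory record; not Assimp's material type.
struct MaterialRecord { float diffuse[3]; float transparency; };

// Assumed smallest on-disk size of one material record (constructed value).
constexpr std::size_t kMinRecordBytes = 16;

// Read a little-endian 32-bit value; fails if fewer than 4 bytes remain.
static bool read_u32_le(const std::vector<std::uint8_t>& buf, std::size_t off, std::uint32_t& out) {
    if (off > buf.size() || buf.size() - off < 4) return false;
    out = std::uint32_t(buf[off]) | (std::uint32_t(buf[off + 1]) << 8) |
          (std::uint32_t(buf[off + 2]) << 16) | (std::uint32_t(buf[off + 3]) << 24);
    return true;
}

// Accept the count only if the bytes left in the file could hold that many
// records. A count the file cannot back is rejected before any allocation.
bool checked_material_count(const std::vector<std::uint8_t>& file, std::size_t count_off,
                            std::size_t& count) {
    std::uint32_t n = 0;
    if (!read_u32_le(file, count_off, n)) return false;
    const std::size_t remaining = file.size() - (count_off + 4);
    if (n > remaining / kMinRecordBytes) return false;
    count = n;
    return true;
}

// Hardened form: reserve() runs only on a validated count. The unvalidated
// pattern would pass the raw 32-bit value from the file straight to reserve().
bool reserve_materials(const std::vector<std::uint8_t>& file, std::size_t count_off,
                       std::vector<MaterialRecord>& out) {
    std::size_t count = 0;
    if (!checked_material_count(file, count_off, count)) return false;
    out.reserve(count);
    return true;
}

// Constructed sample input: a 4-byte count followed by zeroed payload bytes.
std::vector<std::uint8_t> make_sample(std::uint32_t count, std::size_t payload_bytes) {
    std::vector<std::uint8_t> f(4 + payload_bytes, 0);
    for (int i = 0; i < 4; ++i) f[i] = std::uint8_t(count >> (8 * i));
    return f;
}
```

Because the bound is derived from the file's own size, the largest allocation a file can cause is proportional to the bytes actually supplied.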

Added: Oct 5, 2025, 1:17 AM
Updated: Oct 5, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.