Open Asset Import Library Assimp Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue arises in the function Assimp::GetNextLine, located in ParsingUtils.h, within the File Handler component. This vulnerability allows for an out-of-bounds write, potentially leading to an application crash. The vulnerability can be exploited remotely by processing certain malformed files.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing the application to crash.

Reproduction

The vulnerability can be reproduced by compiling Assimp with address sanitization enabled, using Clang as the compiler. After building the library, a fuzzer can be used to test the OFF file importer, which will trigger the buffer overflow by writing beyond the allocated stack memory. This can be done by creating a malformed file that exploits the buffer overflow vulnerability in the Assimp::GetNextLine function.

Remediation

This vulnerability has been fixed in Assimp version 6.0.