Open Asset Import Library Assimp
cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*
- 5.4.3
A critical heap-based buffer overflow vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue is in the function 'Assimp::BaseImporter::ConvertToUTF8' in 'BaseImporter.cpp' and is triggered when the file handler processes certain malformed files. The vulnerability can be exploited remotely and leads to an out-of-bounds read and a potential application crash; according to VulDB, it could also be exploited for arbitrary code execution.
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by cloning the Assimp repository, building it with AddressSanitizer enabled, and running a compiled fuzzer that targets the 'ConvertToUTF8' function with a specially crafted input. AddressSanitizer reports a segmentation fault caused by an invalid read access, which indicates that the heap-buffer-overflow has been triggered.
Users can upgrade to Assimp version 5.4.4, where this vulnerability has been fixed.