Open Asset Import Library Assimp Divide-By-Zero Vulnerability in MDL Importer

Vulnerability

A divide-by-zero vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue arises in the MDLImporter::InternReadFile_Quake1 function within the MDLLoader.cpp file. The vulnerability is triggered by manipulating the skinwidth and skinheight parameters, leading to a floating-point exception. This vulnerability can be exploited remotely, potentially causing a denial-of-service condition by crashing the application.
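The defensive point an importer author takes from this class of bug is that header fields read from an untrusted file must be validated before they are used as divisors or buffer dimensions. The following C++ example is added here to illustrate that check; it is not Assimp's code and does not reproduce the MDLLoader.cpp layout. The header struct, the byte offsets of the two fields, the sanity bound and the helper names are all assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for the two Quake 1 MDL header fields that matter
// here. Assumption: not Assimp's struct, only the fields named in the advisory.
struct MdlSkinDims {
    int32_t skinwidth;
    int32_t skinheight;
};

// Read a little-endian 32-bit signed integer byte-by-byte (host-endian safe).
static int32_t readLE32(const std::vector<uint8_t>& buf, size_t o) {
    uint32_t v = (uint32_t)buf[o] | ((uint32_t)buf[o + 1] << 8) |
                 ((uint32_t)buf[o + 2] << 16) | ((uint32_t)buf[o + 3] << 24);
    return (int32_t)v;
}

// Parse skinwidth/skinheight from a raw file buffer. The offsets (8 and 12)
// are an assumption for this example, not the real MDL header layout.
static MdlSkinDims readSkinDims(const std::vector<uint8_t>& buf) {
    const size_t kWidthOff = 8, kHeightOff = 12;
    if (buf.size() < kHeightOff + 4)
        throw std::runtime_error("MDL: header truncated");
    return MdlSkinDims{readLE32(buf, kWidthOff), readLE32(buf, kHeightOff)};
}

// The validation an importer should run before any arithmetic on the fields:
// both dimensions must be strictly positive and within a sanity bound, so they
// can neither divide by zero nor drive an oversized skin allocation.
static bool skinDimsValid(const MdlSkinDims& d) {
    const int32_t kMaxSkinDim = 1 << 14;  // assumed bound for the example
    return d.skinwidth > 0 && d.skinheight > 0 &&
           d.skinwidth <= kMaxSkinDim && d.skinheight <= kMaxSkinDim;
}

// Unhardened pattern: divides straight by the header field. With skinwidth
// == 0 this is undefined behaviour and on x86 Linux aborts with SIGFPE, which
// the shell reports as "Floating point exception". Never call with zero.
static int32_t uvColumnUnchecked(int32_t s, const MdlSkinDims& d) {
    return s / d.skinwidth;
}

// Hardened pattern: refuse the file instead of dividing. Returns false and
// leaves *out untouched when the header is unusable.
static bool uvColumnChecked(int32_t s, const MdlSkinDims& d, int32_t* out) {
    if (!skinDimsValid(d)) return false;
    *out = s / d.skinwidth;
    return true;
}

// Whole-file gate: true only if the buffer is long enough and the dims pass.
static bool mdlSkinHeaderAcceptable(const std::vector<uint8_t>& buf) {
    try {
        return skinDimsValid(readSkinDims(buf));
    } catch (const std::runtime_error&) {
        return false;
    }
}

// Constructed sample headers (16 bytes each; only offsets 8..15 are read).
static std::vector<uint8_t> makeHeader(int32_t w, int32_t h) {
    std::vector<uint8_t> b(16, 0);
    for (int i = 0; i < 4; ++i) {
        b[8 + i]  = (uint8_t)(((uint32_t)w >> (8 * i)) & 0xFF);
        b[12 + i] = (uint8_t)(((uint32_t)h >> (8 * i)) & 0xFF);
    }
    return b;
}

int main() {
    // A benign 64x64 skin passes; a zero-width skin is rejected before any divide.
    return (mdlSkinHeaderAcceptable(makeHeader(64, 64)) &&
            !mdlSkinHeaderAcceptable(makeHeader(0, 64))) ? 0 : 1;
}
```

The gate runs once, right after the header is read, so every later use of the two fields (texture-coordinate scaling, skin buffer sizing) can rely on them being positive; a truncated header is treated the same way as a zero field, since both are signs of a file that should not be loaded.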

Impact

Exploitation of this vulnerability causes a floating-point exception, leading to a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by crafting a malformed MDL file that triggers the divide-by-zero condition in the MDLImporter::InternReadFile_Quake1 function, that is, by setting the skinwidth and skinheight parameters to values that cause the division to fail. Reproduction can be automated with a fuzzer, such as the one included with the Assimp repository, after building Assimp with AddressSanitizer enabled.

Remediation

Users are advised to update to the patched version of Assimp. The patch is available in the official Assimp repository on GitHub.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.