Open Asset Import Library Assimp
cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*
- >= 5.4.3, < 6.0.1 (fixed in 6.0.1)
A critical heap-based buffer overflow has been identified in Open Asset Import Library (Assimp) version 5.4.3. The defect is in CSMImporter::InternReadFile in CSMLoader.cpp, the importer for the CSM (CharacterStudio Motion) motion-capture format. Because the overflow is driven by the contents of the input file, no local access is needed: any application that hands attacker-supplied CSM data to Assimp (an upload, a download, a file received over the network) can be made to corrupt its heap.
A successful trigger corrupts heap memory. The guaranteed outcome is a crash (denial of service) of the process loading the file; depending on the heap layout and the neighbouring allocations, the corruption may also be leveraged into arbitrary code execution.
The issue can be reproduced by building Assimp with AddressSanitizer (ASan) and driving its fuzz target with a crafted CSM input. The steps are: configure Assimp with CMake options that disable shared libraries and unneeded components (tools, tests, samples), build the static library, link the fuzzer harness against that library and a static build of zlib, then run the resulting fuzzer binary on the crafted CSM file. ASan then reports the heap-buffer-overflow in CSMImporter::InternReadFile with a symbolised stack trace.
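The build-and-run procedure above as a script. This is an added example, not the advisory's or the Assimp project's own tooling, and it assumes things the page does not state: ASSIMP_SRC points at an Assimp 5.4.3 checkout, clang/clang++ with libFuzzer support are in PATH, the harness lives at fuzz/assimp_fuzzer.cc in that checkout, and CRASH_FILE points at the crafted CSM input. The CMake option names and the library paths are those of Assimp's own build system; the CSM-only importer option is an optional extra. Nothing is built unless ASSIMP_SRC is set, so the script can be sourced to inspect the flag helpers.

```shell
#!/bin/sh
# Added example (not from the advisory or the Assimp project): reproduce the
# CSMImporter::InternReadFile heap overflow with an ASan + libFuzzer build.
# Assumptions (not stated on the page):
#   ASSIMP_SRC  - path to an Assimp 5.4.3 source checkout
#   CRASH_FILE  - path to the crafted CSM file that triggers the overflow
#   clang/clang++ with libFuzzer support in PATH
#   the harness at $ASSIMP_SRC/fuzz/assimp_fuzzer.cc (Assimp's own fuzz dir)
set -eu

# CMake flags: static library, bundled static zlib, no tools/tests/samples.
assimp_cmake_args() {
  echo '-DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_SAMPLES=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF -DASSIMP_BUILD_ASSIMP_VIEW=OFF'
}

# Optional: build only the CSM importer so the fuzzer spends its time on the
# code path under investigation (Assimp's per-format option naming).
csm_only_args() {
  echo '-DASSIMP_BUILD_ALL_IMPORTERS_BY_DEFAULT=OFF -DASSIMP_BUILD_CSM_IMPORTER=ON'
}

# Sanitizer flags for the library: ASan plus fuzzer instrumentation without
# pulling in libFuzzer's main() into every object.
san_flags() {
  echo '-g -O1 -fno-omit-frame-pointer -fsanitize=address,fuzzer-no-link'
}

# Step 1: configure and build a static, ASan-instrumented libassimp.
# RelWithDebInfo avoids the "d" debug postfix on the library name.
build_assimp() {
  src=$1; bld=$1/build-asan
  mkdir -p "$bld"
  cmake -S "$src" -B "$bld" \
    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
    -DCMAKE_BUILD_TYPE=RelWithDebInfo \
    -DCMAKE_C_FLAGS="$(san_flags)" -DCMAKE_CXX_FLAGS="$(san_flags)" \
    $(assimp_cmake_args)
  cmake --build "$bld" -j"$(nproc)"
}

# Step 2: link the harness against libassimp.a and the static zlib.
# The build dir is on the include path for the generated config headers.
link_fuzzer() {
  src=$1; bld=$1/build-asan
  clang++ -std=c++17 -g -O1 -fno-omit-frame-pointer -fsanitize=address,fuzzer \
    -I"$src/include" -I"$bld/include" \
    "$src/fuzz/assimp_fuzzer.cc" \
    "$bld/lib/libassimp.a" "$bld/contrib/zlib/libzlibstatic.a" \
    -o "$bld/assimp_fuzzer"
}

# Step 3: feed the crafted CSM file to the fuzzer binary. A libFuzzer binary
# given a file path runs that single input and exits; ASan prints the
# heap-buffer-overflow report with a symbolised stack.
run_crash() {
  bld=$1/build-asan
  ASAN_OPTIONS=symbolize=1:abort_on_error=1 "$bld/assimp_fuzzer" "$2"
}

if [ -n "${ASSIMP_SRC:-}" ]; then
  build_assimp "$ASSIMP_SRC"
  link_fuzzer "$ASSIMP_SRC"
  run_crash "$ASSIMP_SRC" "${CRASH_FILE:?set CRASH_FILE to the crafted CSM input}"
fi
```

Invoke as `ASSIMP_SRC=/path/to/assimp CRASH_FILE=crash.csm sh repro.sh`. To hunt for the bug rather than replay a known input, run the built binary with a corpus directory and `-max_len` instead of a single file; the CSM-only flags from csm_only_args can be appended to the cmake call to keep the fuzzer on the CSM code path.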
Users are advised to update to Assimp version 6.0.1 or later, where this vulnerability has been fixed; releases between 5.4.3 and 6.0.1 should be treated as affected unless confirmed otherwise. Until the upgrade is in place, do not pass untrusted CSM files to Assimp, or build Assimp with the CSM importer disabled.