Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability in CSM File Handler

Vulnerability

A vulnerability allowing out-of-bounds read has been identified in Open Asset Import Library (Assimp) version 5.4.3. This issue arises in the CSM File Handler component, specifically within the 'fast_atoreal_move' function of 'include/assimp/fast_atof.h'. The vulnerability can be exploited remotely, potentially leading to a denial-of-service condition if a user is tricked into processing a malformed CSM file with Assimp.

Impact

Triggering this vulnerability causes a use-after-free condition: the program accesses memory that has already been released and crashes. Such a memory-management error could potentially be leveraged to influence program execution.

Reproduction

The vulnerability can be reproduced by building Assimp with AddressSanitizer and fuzzer support. After compiling the library, the fuzzer can be run with a crafted input that reaches the out-of-bounds read through the 'CSMImporter::InternReadFile' function. This reproduces the conditions under which the vulnerability occurs: a CSM file containing invalid data that the parser does not properly validate.
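The page does not describe the parser's internals or the crafted input, so the following is an added illustration and not Assimp's code. It shows the class of defect named above (a character-driven real-number scanner, the kind of routine 'fast_atoreal_move' is, that can walk past the end of its input) together with the mitigation: carrying an explicit end pointer and rejecting non-numeric tokens rather than skipping them. All function and type names are the example's own.

```cpp
// Added example (not Assimp's code): a bounded real-number parser that cannot
// read past the end of its input, contrasted in the comments with the unsafe
// pattern behind out-of-bounds reads in character-driven number scanners.
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct ParseResult {
    bool ok;          // false when the token is not a number
    double value;     // parsed value when ok
    size_t consumed;  // bytes consumed from begin (0 when !ok)
};

// Unsafe pattern (for contrast only, never called here):
//     while (*p >= '0' && *p <= '9') { ... ++p; }
// with no end pointer assumes a terminator follows the digits. A file whose
// last bytes are a bare digit run has no terminator, so the scan reads beyond
// the buffer, which AddressSanitizer reports as an out-of-bounds read.

// Safe pattern: every dereference is guarded by `p < end`.
ParseResult parse_real_bounded(const char* begin, const char* end) {
    ParseResult r{false, 0.0, 0};
    const char* p = begin;
    bool negative = false;
    if (p < end && (*p == '-' || *p == '+')) {
        negative = (*p == '-');
        ++p;
    }
    double value = 0.0;
    size_t digits = 0;
    while (p < end && *p >= '0' && *p <= '9') {
        value = value * 10.0 + static_cast<double>(*p - '0');
        ++p;
        ++digits;
    }
    if (p < end && *p == '.') {
        ++p;
        double scale = 0.1;
        while (p < end && *p >= '0' && *p <= '9') {
            value += static_cast<double>(*p - '0') * scale;
            scale *= 0.1;
            ++p;
            ++digits;
        }
    }
    if (digits == 0) {
        return r;  // "-", "." or a letter: invalid data, reject without advancing
    }
    r.ok = true;
    r.value = negative ? -value : value;
    r.consumed = static_cast<size_t>(p - begin);
    return r;
}

// Parses a whitespace-separated run of reals (the shape of a numeric row in a
// text-based motion-capture or mesh format). Returns the number of values
// parsed, or -1 as soon as an invalid token is seen instead of skipping it.
int count_reals(const char* begin, const char* end) {
    const char* p = begin;
    int n = 0;
    while (p < end) {
        if (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r') {
            ++p;
            continue;
        }
        ParseResult r = parse_real_bounded(p, end);
        if (!r.ok) {
            return -1;
        }
        p += r.consumed;
        ++n;
    }
    return n;
}

// Convenience wrappers over std::string for tests and quick checks.
ParseResult parse_str(const std::string& s) {
    return parse_real_bounded(s.data(), s.data() + s.size());
}
int count_str(const std::string& s) {
    return count_reals(s.data(), s.data() + s.size());
}

int main() {
    // Constructed input: a buffer that ends in the middle of a number with no
    // terminating byte at all, exactly what an unbounded scanner runs off the end of.
    std::vector<char> tail = {'4', '2', '.', '5'};
    ParseResult r = parse_real_bounded(tail.data(), tail.data() + tail.size());
    std::printf("ok=%d value=%g consumed=%zu\n", r.ok, r.value, r.consumed);
    std::printf("values in row: %d\n", count_str("1.0 2.5\n-3 4"));
    std::printf("values in bad row: %d\n", count_str("1.0 x 2"));
    return 0;
}
```

The unterminated `std::vector<char>` in `main` is the interesting case: the bounded parser stops exactly at `end` and reports four bytes consumed, whereas the unsafe pattern in the comment would keep reading whatever happens to follow the allocation.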

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          5.4
impact          2.5
exploitability  5.8
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.