Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability in LWS File Handler

Vulnerability

An out-of-bounds read vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The fault is triggered through the LWS (LightWave Scene) file handler and surfaces in 'SceneCombiner::MergeScenes', the routine that 'LWSLoader.cpp' calls to merge the object scenes referenced by an LWS file into the master scene. Because the read is driven entirely by the contents of the imported file, the attack vector is a malicious LWS file that a user or an automated pipeline is induced to process with Assimp; no other interaction is required. The report describes the outcome as unauthorized memory access that could potentially lead to remote code execution. Note, however, that what is actually demonstrated is an out-of-bounds read, so a crash and disclosure of adjacent memory are the consequences the report supports directly; code execution would require chaining with a further memory-safety flaw.

Impact

Processing a crafted LWS file makes Assimp read memory outside the bounds of an allocated buffer. Without a sanitizer this typically manifests as a segmentation fault, so any application or service that imports untrusted model files through Assimp can be crashed (denial of service). An out-of-bounds read can also expose the contents of adjacent memory to the caller. The report additionally raises remote code execution as a possible escalation; that has not been demonstrated and should be treated as speculative until a write primitive is shown.

Reproduction

To reproduce the issue, build Assimp 5.4.3 from source with AddressSanitizer enabled, so that the out-of-bounds read is reported at the faulting instruction with a symbolized stack trace instead of a bare segmentation fault. The build used in the report disables shared libraries and the optional components and enables Assimp's bundled zlib, i.e. CMake options along the lines of BUILD_SHARED_LIBS=OFF, ASSIMP_BUILD_TESTS=OFF, ASSIMP_BUILD_ASSIMP_TOOLS=OFF, ASSIMP_BUILD_SAMPLES=OFF and ASSIMP_BUILD_ZLIB=ON, which yields a static libassimp that can be linked into a fuzzing harness. After compiling, write a libFuzzer-style harness that passes each input to Assimp::Importer with the format hint "lws"; this routes the data to the LWS importer ('LWSImporter') and therefore to the 'SceneCombiner::MergeScenes' call in which the read occurs, and that frame is the one to look for in the sanitizer report. Seed the corpus with a small, valid LWS scene that references object files and parent/child items, since the merge step is what combines the loaded object scenes with the master scene, and let the fuzzer mutate those scene elements until AddressSanitizer reports an out-of-bounds read in MergeScenes.
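The build, harness and seed corpus described above, as an added reproduction script that is not the reporter's or the Assimp project's own code. It assumes clang with libFuzzer is installed, that the v5.4.3 tag builds with the listed options, and that the static library and bundled zlib land at build/lib/libassimp.a and build/contrib/zlib/libzlibstatic.a; the seed LWS scene is constructed here for illustration and the referenced seed.lwo is not provided. Run it with the argument run to clone, build and fuzz; without an argument it only defines the helper functions.

```shell
#!/bin/sh
# Reproduction scaffold for the Assimp 5.4.3 LWS out-of-bounds read.
# Added example, not the reporter's script. Assumptions: clang with libFuzzer,
# Assimp tag v5.4.3 builds with the options below, static outputs at
# build/lib/libassimp.a and build/contrib/zlib/libzlibstatic.a.
set -eu

ASSIMP_TAG="${ASSIMP_TAG:-v5.4.3}"
WORK="${WORK:-$PWD/assimp-lws-repro}"

# libFuzzer harness. The "lws" hint forces the LWS importer, whose object
# merging goes through SceneCombiner::MergeScenes (the frame named in the report).
write_harness() {
    cat > "$1" <<'EOF'
#include <assimp/Importer.hpp>
#include <assimp/postprocess.h>
#include <assimp/scene.h>
#include <cstddef>
#include <cstdint>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    Assimp::Importer importer;
    // ReadFileFromMemory(buffer, length, post-process flags, format hint).
    // Objects referenced by the scene are resolved through the default IO
    // system, so a real seed.lwo placed next to the corpus gets merged too.
    const aiScene *scene = importer.ReadFileFromMemory(
        data, size, aiProcess_ValidateDataStructure, "lws");
    (void)scene; // owned and freed by the Importer
    return 0;
}
EOF
}

# Constructed seed: a minimal LWS v3 scene with a null object, one object
# layer parented to it and a camera, so the importer has items to merge.
write_seed_lws() {
    cat > "$1" <<'EOF'
LWSC
3

FirstFrame 1
LastFrame 30
FrameStep 1
FramesPerSecond 30

AddNullObject SeedRoot
ShowObject 6 3

LoadObjectLayer 1 1 seed.lwo
ShowObject 6 3
ParentItem 10000000

AddCamera
ShowCamera 5 4
ParentItem 10000000
EOF
}

reproduce() {
    mkdir -p "$WORK/corpus"
    [ -d "$WORK/assimp" ] || git clone --depth 1 --branch "$ASSIMP_TAG" \
        https://github.com/assimp/assimp.git "$WORK/assimp"
    # Static build, optional parts off, bundled zlib on, ASan plus fuzzer
    # instrumentation in every object file so the harness links cleanly.
    cmake -S "$WORK/assimp" -B "$WORK/build" \
        -DCMAKE_BUILD_TYPE=Release \
        -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
        -DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON \
        -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF \
        -DASSIMP_BUILD_SAMPLES=OFF -DASSIMP_WARNINGS_AS_ERRORS=OFF \
        "-DCMAKE_C_FLAGS=-g -fsanitize=address,fuzzer-no-link" \
        "-DCMAKE_CXX_FLAGS=-g -fsanitize=address,fuzzer-no-link"
    cmake --build "$WORK/build" -j"$(nproc)"
    write_harness "$WORK/lws_fuzzer.cc"
    write_seed_lws "$WORK/corpus/seed.lws"
    clang++ -g -fsanitize=address,fuzzer \
        -I"$WORK/assimp/include" -I"$WORK/build/include" \
        "$WORK/lws_fuzzer.cc" "$WORK/build/lib/libassimp.a" \
        "$WORK/build/contrib/zlib/libzlibstatic.a" -lpthread \
        -o "$WORK/lws_fuzzer"
    # ASan aborts on the first out-of-bounds read and prints the stack
    # (look for SceneCombiner::MergeScenes); libFuzzer keeps the input as
    # crash-<hash> under WORK.
    ASAN_OPTIONS=detect_leaks=0 "$WORK/lws_fuzzer" "$WORK/corpus" \
        -max_len=65536 -artifact_prefix="$WORK/"
}

# Only the explicit "run" argument starts the clone/build/fuzz cycle.
if [ "${1:-}" = run ]; then
    reproduce
fi
```

Once a crash input is saved, re-run the harness on it alone (./lws_fuzzer crash-file) to get a deterministic report, then minimize it with -minimize_crash=1 before attaching it to a bug report.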

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread 5.4
impact 2.5
exploitability 5.8
remediation 0.0
relevance 0.0
threat 6.4
urgency 2.9
incentive 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.