Open Asset Import Library Assimp Heap-Based Buffer Overflow Vulnerability in AC3D File Handler

Vulnerability

A critical heap-based buffer overflow vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue is in the AC3D file handler, specifically in the function 'Assimp::AC3DImporter::ConvertObjectSection' in 'code/AssetLib/AC/ACLoader.cpp'. Manipulating the 'tmp' argument causes a write past the bounds of a heap buffer. The vulnerability can be exploited remotely and may lead to arbitrary code execution. The flaw has been disclosed publicly and can be exploited.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building Assimp with AddressSanitizer enabled and then using a crafted AC3D file as input. The provided proof-of-concept triggers the buffer overflow and overwrites memory.
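
When triaging the output of such a sanitizer run, the following sketch (an added example, not code from the advisory or the Assimp project) parses an AddressSanitizer report and checks whether the faulting stack is a heap-buffer-overflow inside the function named above. The sample report is constructed: its addresses, sizes, line numbers and the caller frame are assumptions.

```python
import re

# Function named in the advisory.
TARGET_FUNC = "Assimp::AC3DImporter::ConvertObjectSection"

# Constructed ASan report: addresses, sizes and line numbers are invented for
# this example; only the function and file names come from the advisory.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x000000500000 bp 0x7ffc00000000 sp 0x7ffc00000008
WRITE of size 4 at 0x602000000018 thread T0
    #0 0x500000 in Assimp::AC3DImporter::ConvertObjectSection(Assimp::AC3DImporter::Object&, ...) code/AssetLib/AC/ACLoader.cpp:1:1
    #1 0x500100 in Assimp::AC3DImporter::InternReadFile(...) code/AssetLib/AC/ACLoader.cpp:2:1

allocated by thread T0 here:
    #0 0x400000 in operator new[](unsigned long) (/usr/lib/libasan.so+0x0)
    #1 0x500050 in Assimp::AC3DImporter::ConvertObjectSection(Assimp::AC3DImporter::Object&, ...) code/AssetLib/AC/ACLoader.cpp:3:1
SUMMARY: AddressSanitizer: heap-buffer-overflow code/AssetLib/AC/ACLoader.cpp:1:1 in Assimp::AC3DImporter::ConvertObjectSection
"""

def faulting_stack(report):
    """Return (symbol, location) pairs of the first stack trace only.

    ASan prints the faulting access first; allocation/free stacks follow and
    restart at frame #0, so parsing stops when the numbering restarts."""
    frames = []
    for line in report.splitlines():
        m = re.match(r"\s*#(\d+) 0x[0-9a-fA-F]+ in (.+)$", line)
        if not m:
            continue
        if int(m.group(1)) == 0 and frames:
            break
        symbol, _, location = m.group(2).rpartition(" ")
        frames.append((symbol or location, location if symbol else ""))
    return frames

def triage(report):
    """Classify one ASan log against the advisory's bug class and function."""
    err = re.search(r"ERROR: AddressSanitizer: (\S+)", report)
    access = re.search(r"^(READ|WRITE) of size (\d+)", report, re.M)
    hit = next((f for f in faulting_stack(report) if f[0].startswith(TARGET_FUNC)), None)
    return {
        "error": err.group(1) if err else None,
        "access": access.group(1) if access else None,
        "frame": hit,
        "matches_advisory": bool(err and err.group(1) == "heap-buffer-overflow" and hit),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A report where the function appears only in the allocation stack is not counted as a match, since that stack shows where the buffer was created rather than where the out-of-bounds access happened.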

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.