Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability in ASE File Handler

Vulnerability

A critical out-of-bounds read vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3, specifically within the ASE File Handler component. The issue arises in the function 'Assimp::ASEImporter::BuildUniqueRepresentation' located in 'code/AssetLib/ASE/ASELoader.cpp'. The vulnerability is caused by improper validation of the 'mIndices' argument, which can lead to out-of-bounds memory access. This flaw can be exploited remotely, potentially allowing for arbitrary code execution if a user is tricked into processing a malicious ASE file with Assimp.
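
The bug class described above, as an added C++ illustration that is not Assimp's code: file-supplied face indices are checked against the vertex count before any vertex is copied. The Vec3, Face and Mesh types and all function names are hypothetical stand-ins; only the field name mIndices comes from the advisory.

```cpp
// Added illustration. Vec3, Face and Mesh are simplified stand-ins (assumptions),
// not Assimp's real types; only the field name mIndices comes from the advisory.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Vec3 { float x, y, z; };
struct Face { std::array<std::uint32_t, 3> mIndices; };  // file-controlled values
struct Mesh { std::vector<Vec3> positions; std::vector<Face> faces; };

// Index of the first face that references a vertex outside positions,
// or faces.size() when every index is in range.
std::size_t firstInvalidFace(const Mesh &mesh) {
    for (std::size_t f = 0; f < mesh.faces.size(); ++f)
        for (std::uint32_t idx : mesh.faces[f].mIndices)
            if (idx >= mesh.positions.size()) return f;
    return mesh.faces.size();
}

// De-index the mesh: emit one vertex per face corner. The whole mesh is
// validated first, so a hostile index is rejected instead of being read.
bool buildUniqueChecked(const Mesh &mesh, std::vector<Vec3> &out) {
    if (firstInvalidFace(mesh) != mesh.faces.size()) return false;
    out.clear();
    out.reserve(mesh.faces.size() * 3);
    for (const Face &face : mesh.faces)
        for (std::uint32_t idx : face.mIndices)
            out.push_back(mesh.positions[idx]);  // in range: checked above
    return true;
}

// Constructed sample: three vertices, two faces; lastIndex stands in for a
// value taken from the parsed file.
Mesh sampleMesh(std::uint32_t lastIndex) {
    Mesh m;
    m.positions = {{0.f, 0.f, 0.f}, {1.f, 0.f, 0.f}, {0.f, 1.f, 0.f}};
    m.faces.push_back(Face{{0u, 1u, 2u}});
    m.faces.push_back(Face{{2u, 1u, lastIndex}});
    return m;
}

int main() {
    std::vector<Vec3> out;
    std::printf("valid mesh accepted: %d\n", buildUniqueChecked(sampleMesh(0), out));
    std::printf("index 3 of 3 vertices accepted: %d\n", buildUniqueChecked(sampleMesh(3), out));
    return 0;
}
```

Without the validation pass, the copy loop would index positions with whatever value the file supplied, which is the kind of invalid read AddressSanitizer reports.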

Impact

Exploitation of this vulnerability causes a segmentation fault due to an invalid memory read, which can be leveraged to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced by building Assimp with AddressSanitizer enabled and then processing a crafted ASE file that triggers the out-of-bounds read. The file can be passed to the Assimp command-line tool or loaded by any project that uses the Assimp library to read ASE files.

Remediation

Users are advised to upgrade to Assimp version 6.0 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 10.0
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.