Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability in SceneCombiner Component

Vulnerability

An out-of-bounds read vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue is in the SceneCombiner component, specifically in the AddNodeHashes function in SceneCombiner.cpp. The vulnerability can be exploited locally, and although it does not directly lead to remote code execution, it could potentially be used to read sensitive data or manipulate program behavior.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash. However, according to the vulnerability disclosure, this issue could be leveraged to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced by building Assimp with AddressSanitizer (ASan) enabled and then loading a crafted input file that triggers the out-of-bounds read. This can be done using a fuzzer that targets Assimp's LWS importer.

Remediation

Users are advised to update to the latest version of Assimp, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.