Open Asset Import Library Assimp Stack-Based Buffer Overflow Vulnerability in MD2 Importer

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue occurs in the function 'Assimp::MD2Importer::InternReadFile', located in 'code/AssetLib/MD2/MD2Loader.cpp'. The vulnerability arises from improper handling of the 'name' argument, which can be manipulated to cause an out-of-bounds write, potentially leading to a crash of the application. This vulnerability requires local access to exploit.
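As an added illustration of the bug class this advisory names (not Assimp's own code, and not the actual defect, whose exact shape the advisory does not give), here is a bounds-respecting reader for the MD2 format's fixed-width frame name field; MD2_FRAME_NAME_LEN and MD2_FRAME_NAME_OFFSET follow the MD2 frame layout, and the sample records are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// MD2 keeps each frame's name in a fixed 16-byte field that follows the
// frame's 24-byte scale/translate header. A malformed file can omit the
// NUL terminator, so treating the field as a C string (strlen/strcpy into
// a fixed stack buffer) is the kind of handling that lets a name overflow.
constexpr std::size_t MD2_FRAME_NAME_LEN = 16;
constexpr std::size_t MD2_FRAME_NAME_OFFSET = 24;

// Bounded read of a fixed-width name field: stops at the first NUL but
// never scans or copies beyond fieldLen, which the caller takes from the
// format definition, never from the file.
std::string readFixedName(const uint8_t* field, std::size_t fieldLen) {
    const void* nul = std::memchr(field, 0, fieldLen);
    const std::size_t n = nul
        ? static_cast<std::size_t>(static_cast<const uint8_t*>(nul) - field)
        : fieldLen;
    return std::string(reinterpret_cast<const char*>(field), n);
}

// Extracts a frame name from a raw frame record, refusing a record too
// short to hold the whole name field rather than reading past its end.
bool readFrameName(const uint8_t* record, std::size_t recordLen,
                   std::string& out) {
    if (recordLen < MD2_FRAME_NAME_OFFSET + MD2_FRAME_NAME_LEN) return false;
    out = readFixedName(record + MD2_FRAME_NAME_OFFSET, MD2_FRAME_NAME_LEN);
    return true;
}

// Constructed sample: a 16-byte frame name filled to the brim, no NUL.
const uint8_t kUnterminatedName[MD2_FRAME_NAME_LEN] = {
    'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P'};

// Constructed sample: one frame record (24-byte header, then the name
// field "run" + NUL + stale bytes, no vertices) as a fuzzer might emit.
const uint8_t kFrameRecord[MD2_FRAME_NAME_OFFSET + MD2_FRAME_NAME_LEN] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    'r','u','n',0, 'x','x','x','x', 'x','x','x','x', 'x','x','x','x'};

// Exercises the samples: returns the frame name read from kFrameRecord,
// or "" if a truncated record (the header alone) is wrongly accepted.
std::string demo() {
    std::string name;
    if (readFrameName(kFrameRecord, MD2_FRAME_NAME_OFFSET, name)) return "";
    if (!readFrameName(kFrameRecord, sizeof kFrameRecord, name)) return "";
    return name;
}
```

Unlike a strlen-based read, readFixedName returns all 16 bytes of kUnterminatedName without ever touching memory past the field.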

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, leading to an out-of-bounds write. This type of memory corruption can often be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by compiling Assimp with AddressSanitizer enabled, using Clang as the compiler. After building the library, a fuzzer can be used to feed malformed MD2 files to the 'MD2Importer::InternReadFile' function. AddressSanitizer will report a segmentation fault, indicating that the invalid memory access has occurred.

Remediation

Users are advised to upgrade to the latest version of Open Asset Import Library Assimp, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.