Open Asset Import Library Assimp
cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*
- 5.4.3
A critical heap-based buffer overflow vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue lies in the MD3Importer component, specifically in the ValidateSurfaceHeaderOffsets function in MD3Loader.cpp. According to the GitHub issue, the vulnerability can be triggered locally by a crafted file and leads to an out-of-bounds read and a potential application crash.
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by building Assimp with Clang and AddressSanitizer enabled. A fuzzer is then compiled against the built library and run against the MD3Importer, targeting the ValidateSurfaceHeaderOffsets function; it automates the search for inputs, such as malformed MD3 files, that trigger the overflow.
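As an added illustration, not Assimp's own code, the following shows the kind of check a loader needs at this point: every offset/count pair in an MD3 surface header is validated against the file size with overflow-safe 64-bit arithmetic before any data behind it is read. The field layout follows the public Quake III md3Surface_t definition, and the 196-byte sample file is constructed here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Surface header of the MD3 format (Quake III md3Surface_t): 108 bytes, little-endian.
struct MD3Surface {
    uint32_t ident; char name[64]; uint32_t flags;
    uint32_t numFrames, numShaders, numVerts, numTriangles;
    uint32_t ofsTriangles, ofsShaders, ofsSt, ofsXyzNormals, ofsEnd;
};

// True if count*elemSize bytes at surfOfs+ofs fit in a fileSize-byte buffer.
// All arithmetic is 64-bit so attacker-chosen 32-bit fields cannot wrap around.
static bool rangeInFile(uint64_t surfOfs, uint32_t ofs, uint64_t count,
                        uint64_t elemSize, uint64_t fileSize) {
    uint64_t start = surfOfs + ofs;
    if (start > fileSize) return false;
    return elemSize == 0 || count <= (fileSize - start) / elemSize;
}

// Check every offset/count pair of the surface header at surfOfs before anything is read.
bool validateSurfaceHeaderOffsets(const uint8_t* file, size_t fileSize, size_t surfOfs) {
    if (surfOfs > fileSize || fileSize - surfOfs < sizeof(MD3Surface)) return false;
    MD3Surface s;
    std::memcpy(&s, file + surfOfs, sizeof s);            // no unaligned in-place access
    uint64_t verts = uint64_t(s.numVerts) * s.numFrames;  // vertex arrays are per frame
    return rangeInFile(surfOfs, s.ofsTriangles,  s.numTriangles, 12, fileSize)  // 3 x int32
        && rangeInFile(surfOfs, s.ofsShaders,    s.numShaders,   68, fileSize)  // name[64] + int32
        && rangeInFile(surfOfs, s.ofsSt,         verts,           8, fileSize)  // 2 x float
        && rangeInFile(surfOfs, s.ofsXyzNormals, verts,           8, fileSize)  // 3 x int16 + 2 bytes
        && rangeInFile(surfOfs, s.ofsEnd,        0,               0, fileSize);
}

// Constructed sample: one well-formed surface (4 verts, 1 frame, 2 triangles, no shaders)
// laid out contiguously in a 196-byte buffer.
std::vector<uint8_t> makeSampleFile() {
    MD3Surface s{};
    s.numFrames = 1; s.numShaders = 0; s.numVerts = 4; s.numTriangles = 2;
    s.ofsTriangles = 108; s.ofsShaders = 132; s.ofsSt = 132; s.ofsXyzNormals = 164; s.ofsEnd = 196;
    std::vector<uint8_t> f(196, 0);
    std::memcpy(f.data(), &s, sizeof s);
    return f;
}

// Overwrite one 32-bit header field of the sample with a hostile value, then validate.
bool validatePatched(size_t fieldOffset, uint32_t value) {
    std::vector<uint8_t> f = makeSampleFile();
    std::memcpy(f.data() + fieldOffset, &value, sizeof value);
    return validateSurfaceHeaderOffsets(f.data(), f.size(), 0);
}
```

Note that a count that is individually plausible can still push a later array past the end of the file, which is why each pair is checked against the total size rather than against the next offset alone.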