C-Ray Null Pointer Dereference Vulnerability in Material Library Parsing Function
Vulnerability
A null pointer dereference vulnerability has been identified in C-Ray version 1.1, specifically within the 'parse_mtllib' function of the data processing module. This vulnerability leads to unpredictable program behavior, causing segmentation faults and program crashes. The issue arises when the 'current' pointer, initialized as NULL, is dereferenced without proper validation, particularly when attempting to assign values to the 'IOR' property.
Impact
Exploitation of this vulnerability causes segmentation faults, leading to program crashes.
Reproduction
The vulnerability can be reproduced by invoking the 'parse_mtllib' function with a file path that triggers the parsing of material properties. The function will attempt to read and process lines from the file. When it encounters a line indicating a material property (specifically the 'Ni' property), it will attempt to dereference the 'current' pointer, which is NULL, causing a null pointer dereference.
Remediation
Users are advised to update to the latest version of C-Ray, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.