Open Asset Import Library Assimp Heap-Based Buffer Overflow Vulnerability in LWO Importer

Vulnerability

A heap-based buffer overflow has been identified in Open Asset Import Library (Assimp) version 5.4.3, in the function LWOImporter::GetS0 in the file LWOLoader.h. GetS0 reads a NUL-terminated string out of the importer's file buffer. Its handling of the string length is improper: when the string is not properly NUL-terminated, the scan for the terminator continues past the intended buffer limit and reads beyond the end of the heap-allocated file contents. AddressSanitizer classifies this out-of-bounds read as a heap-buffer-overflow; the page describes it as memory corruption, but what is directly observed is a read past the allocation, with the read cursor left pointing outside the buffer.
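To make the failure mode concrete, the following is an added example (my own code, not Assimp's LWOImporter::GetS0 and not taken from the project) that models the pattern the advisory describes: a reader that scans for the terminating NUL of an LWO-style string and bounds the scan only by a caller-supplied maximum rather than by the bytes remaining in the chunk, beside a hardened reader that uses the remaining byte count. The chunk bytes, the 32-byte "format limit", and the struct and function names are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Read position inside one LWO chunk: p is the cursor, end is one past the
// last byte that belongs to the chunk.
struct Cursor {
    const unsigned char *p;
    const unsigned char *end;
};

// Unsafe reader modeled on the pattern the advisory describes (not Assimp's
// code). It scans for the terminating NUL and only afterwards compares the
// count against a caller-supplied maximum, so an unterminated string lets the
// scan walk past `end`. Only ever called here on data with a guard region
// behind the chunk, so the over-read is observable rather than a crash.
static size_t readS0Unsafe(Cursor &c, unsigned max, std::string &out) {
    const unsigned char *start = c.p;
    unsigned count = 0;
    while (*c.p) {                 // byte is dereferenced before any limit check
        if (++count > max) break;  // max is not tied to bytes remaining in chunk
        ++c.p;
    }
    size_t len = static_cast<size_t>(c.p - start);
    out.assign(reinterpret_cast<const char *>(start), len);
    c.p += (len & 1) ? 1 : 2;      // skip NUL and pad to an even length
    return len;
}

// Hardened reader: bound the scan by the bytes actually left in the chunk,
// reject a string with no terminator, and refuse to step past `end` when the
// pad byte is missing. On failure the cursor is left untouched.
static bool readS0Safe(Cursor &c, std::string &out) {
    size_t avail = static_cast<size_t>(c.end - c.p);
    const void *nul = std::memchr(c.p, 0, avail);     // never reads beyond end
    if (nul == nullptr) return false;                 // unterminated string
    size_t len = static_cast<size_t>(static_cast<const unsigned char *>(nul) - c.p);
    size_t step = len + ((len & 1) ? 1 : 2);          // NUL plus even-length pad
    if (step > avail) return false;                   // chunk truncated mid-pad
    out.assign(reinterpret_cast<const char *>(c.p), len);
    c.p += step;
    return true;
}

// Constructed sample: an 8-byte chunk holding a name with no NUL, followed by
// 4 guard bytes standing in for whatever happens to follow the chunk in memory.
static const unsigned char kSample[] = {'A','B','C','D','E','F','G','H','X','Y','Z','\0'};
static const size_t kChunkLen = 8;

struct Outcome {
    std::string text;   // string the reader produced
    long overshoot;     // cursor position relative to end of chunk (>0 is past it)
    bool ok;            // reader accepted the input
};

Outcome demoUnsafe() {
    Cursor c{kSample, kSample + kChunkLen};
    std::string s;
    readS0Unsafe(c, 32, s);        // 32: a format-level string limit, unrelated to the chunk
    return {s, static_cast<long>(c.p - c.end), true};
}

Outcome demoSafe() {
    Cursor c{kSample, kSample + kChunkLen};
    std::string s;
    bool ok = readS0Safe(c, s);
    return {s, static_cast<long>(c.p - c.end), ok};
}

Outcome demoSafeWellFormed() {
    static const unsigned char good[] = {'H','a','t','s','\0','\0'};  // "Hats", NUL, pad
    Cursor c{good, good + sizeof(good)};
    std::string s;
    bool ok = readS0Safe(c, s);
    return {s, static_cast<long>(c.p - c.end), ok};
}

int main() {
    Outcome u = demoUnsafe();
    std::printf("unsafe: \"%s\", cursor %+ld bytes from chunk end\n", u.text.c_str(), u.overshoot);
    Outcome s = demoSafe();
    std::printf("safe: %s, cursor %+ld\n", s.ok ? "accepted" : "rejected", s.overshoot);
    Outcome w = demoSafeWellFormed();
    std::printf("safe (well-formed): \"%s\", cursor %+ld\n", w.text.c_str(), w.overshoot);
    return 0;
}
```

The unsafe reader swallows the guard bytes into the returned string and leaves the cursor four bytes beyond the chunk, which is exactly the condition a sanitizer build reports as a heap-buffer-overflow read once the guard region is real adjacent heap memory. The hardened reader rejects the same input without moving the cursor and still accepts a well-formed, padded string.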

Impact

Triggering this vulnerability with a crafted LWO file causes a heap-based buffer overflow in the importer, which the page assesses as memory corruption with potential for arbitrary code execution. As reported, the primitive is an out-of-bounds read: the practical effect on an uninstrumented build is a crash (denial of service in any service that imports untrusted models) or leakage of adjacent heap contents into the parsed string; turning that into code execution would require additional memory-corruption primitives not described here.

Reproduction

The vulnerability reproduces in a build of Assimp compiled with AddressSanitizer (ASAN), the same configuration used by the OSS-Fuzz project's fuzzing engine. After compiling the library and the fuzz target with ASAN, run the fuzzer (or feed the fuzz target directly) with a specially crafted LWO file whose string data lacks a terminating NUL before the end of the buffer; ASAN aborts with a heap-buffer-overflow read in LWOImporter::GetS0. An uninstrumented build may read adjacent heap bytes silently or crash later at an unrelated point, so the sanitizer build is the reliable check.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          5.4
impact          2.5
exploitability  6.0
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.