Open Asset Import Library Assimp Heap Out-of-Bounds Read Vulnerability

Vulnerability

A heap out-of-bounds read vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue is in the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 in the file MDLLoader.cpp. It is caused by improper validation of the 'iIndex' argument, which allows out-of-bounds reads. The attack must be carried out locally. The vulnerability has been publicly disclosed and is part of a collection of fuzzer-related bugs that the project plans to address in the future.
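The kind of index validation this entry is about, as an added example that is not Assimp's code: it reads one texture-coordinate entry from an untrusted file buffer and rejects an out-of-range index. It goes beyond the entry in also checking the header-declared entry count against the buffer size; the names readTexCoord, TexCoord, kEntrySize and kSample and the 4-byte layout are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical 4-byte on-disk entry (two little-endian int16 values).
struct TexCoord { int16_t u, v; };
static const size_t kEntrySize = 4;

// Reads entry `index` from a table at `tableOffset` inside an untrusted file
// buffer. `declaredCount` comes from the file header, so it is untrusted as
// well and is checked against the bytes that are really present.
bool readTexCoord(const uint8_t *buf, size_t bufSize, size_t tableOffset,
                  uint32_t declaredCount, uint32_t index, TexCoord &out) {
    if (buf == nullptr || tableOffset > bufSize) return false;
    const size_t available = (bufSize - tableOffset) / kEntrySize;
    if (declaredCount > available) return false;  // header claims too much
    if (index >= declaredCount) return false;     // index outside the table
    const uint8_t *p = buf + tableOffset + size_t(index) * kEntrySize;
    out.u = int16_t(uint16_t(p[0] | (p[1] << 8)));
    out.v = int16_t(uint16_t(p[2] | (p[3] << 8)));
    return true;
}

// Constructed sample: 8 bytes standing in for a header, then three entries.
static const uint8_t kSample[] = {
    0, 0, 0, 0, 0, 0, 0, 0,
    1, 0, 2, 0,   // entry 0: u=1, v=2
    3, 0, 4, 0,   // entry 1: u=3, v=4
    5, 0, 6, 0,   // entry 2: u=5, v=6
};

int main() {
    TexCoord tc{};
    const uint32_t indices[] = {2, 3};  // last valid index, first invalid one
    for (uint32_t i : indices) {
        if (readTexCoord(kSample, sizeof kSample, 8, 3, i, tc))
            std::printf("index %u -> u=%d v=%d\n", unsigned(i), tc.u, tc.v);
        else
            std::printf("index %u rejected\n", unsigned(i));
    }
    // A header that declares 1000 entries in a 20-byte file is rejected too.
    std::printf("oversized count accepted: %d\n",
                int(readTexCoord(kSample, sizeof kSample, 8, 1000, 2, tc)));
    return 0;
}
```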

Impact

Exploitation of this vulnerability leads to a heap-based out-of-bounds read, which can potentially be used to crash the program.

Reproduction

The vulnerability can be reproduced by building the Assimp fuzzer with AddressSanitizer (ASAN) enabled, similar to how OSS-Fuzz operates. After compiling Assimp with the necessary flags to enable ASAN and linking against the static version of the library, the fuzzer can be run with a crafted input that triggers the out-of-bounds read. This input can be generated and saved as a .poc file, which is then passed to the fuzzer to reproduce the out-of-bounds read.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.