Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability in MDL Importer

Vulnerability

A heap-based out-of-bounds read has been identified in Open Asset Import Library (Assimp) version 5.4.3. The defect is in the function 'MDLImporter::InternReadFile_Quake1' in 'MDLLoader.cpp', the code path that imports Quake 1 MDL models. A crafted model file causes the importer to read past the end of a heap buffer, which could disclose the contents of adjacent memory or crash the process (denial of service). The vulnerability is exploitable locally, and details of the exploit are publicly available.

Impact

Successful exploitation triggers a heap-based out-of-bounds read: the importer accesses memory beyond the end of a heap allocation, which can either disclose data from adjacent memory locations (information disclosure) or cause a memory access violation that terminates the process (denial of service).

Reproduction

The issue can be reproduced by building the Assimp library with AddressSanitizer enabled; AddressSanitizer is a compile-time memory error detector that reports out-of-bounds accesses at the moment they happen. Once the library is built, the 'assimp_fuzzer' executable is run on a specially crafted input file that triggers the out-of-bounds read. In practice this means compiling the fuzzer with Clang and the appropriate memory sanitizer flags, then executing it with the reproducer file that triggers the vulnerability.
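As an added illustration of the defensive check this class of bug calls for (this is not Assimp's code, and the advisory does not say which header field the importer mishandles), the following hypothetical bounded reader validates every size it takes from a Quake 1 MDL header against the real buffer length before the corresponding read. The struct and function names and the constructed sample files are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
// Hypothetical bounded reader over an in-memory MDL file (illustration only, not Assimp's code).
struct MdlCursor {
    const uint8_t* data;
    size_t len;
    size_t pos = 0;
    // Read a little-endian int32; false if fewer than 4 bytes remain (assumes little-endian host).
    bool readI32(int32_t& out) {
        if (len - pos < 4) return false;
        std::memcpy(&out, data + pos, 4);
        pos += 4; return true;
    }
    // Advance past n payload bytes; false if the file is shorter than its header claims.
    bool skip(size_t n) {
        if (len - pos < n) return false;
        pos += n; return true;
    }
};
// Check the Quake 1 MDL header and first skin against the real buffer length. Every
// declared size is verified before the matching read, so a truncated file or an
// oversized declaration is rejected instead of causing a heap out-of-bounds read.
bool validateQuake1Mdl(const uint8_t* data, size_t len) {
    MdlCursor c{data, len};
    int32_t ident, version, numSkins, skinWidth, skinHeight, group;
    if (!c.readI32(ident) || !c.readI32(version)) return false;
    if (ident != 0x4F504449 /* "IDPO" */ || version != 6) return false;
    if (!c.skip(10 * 4)) return false;  // scale, translate, bounding radius, eye position
    if (!c.readI32(numSkins) || !c.readI32(skinWidth) || !c.readI32(skinHeight)) return false;
    if (numSkins < 1 || skinWidth < 1 || skinHeight < 1) return false;  // rejects negatives too
    // width*height can overflow 32 bits; compute in 64 bits before trusting it.
    uint64_t skinBytes = uint64_t(skinWidth) * uint64_t(skinHeight);
    if (skinBytes > len) return false;
    if (!c.skip(6 * 4)) return false;  // numverts, numtris, numframes, synctype, flags, size
    if (!c.readI32(group) || group != 0) return false;  // only single (non-grouped) skins here
    return c.skip(static_cast<size_t>(skinBytes));  // the indexed pixel data must really be present
}
// Constructed sample: a header declaring one w x h single skin followed by `payload` pixel
// bytes (a consistent file has payload == w*h). Returns the validation verdict.
bool validateSample(int32_t w, int32_t h, size_t payload) {
    std::vector<uint8_t> f(84 + 4 + payload, 0);
    auto put = [&](size_t off, int32_t v) { std::memcpy(&f[off], &v, 4); };
    put(0, 0x4F504449); put(4, 6);       // "IDPO", version 6
    put(48, 1); put(52, w); put(56, h);  // num_skins, skinwidth, skinheight
    put(84, 0);                          // skin group 0 = single skin
    return validateQuake1Mdl(f.data(), f.size());
}
```

Built with Clang and -fsanitize=address, an unchecked loader reading the declared skin size from the truncated sample would be the kind of heap-buffer-overflow read that the fuzzer run above reports; the validated version returns false instead.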

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          5.4
  impact          0.6
  exploitability  6.0
  remediation     0.0
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight key vulnerability categories, which are then combined into the overall risk score.