Open Asset Import Library (Assimp) Heap Out-of-Bounds Read Vulnerability

Vulnerability

A heap out-of-bounds read vulnerability has been identified in Open Asset Import Library (Assimp) version 5.4.3. The issue arises in the function 'LWOImporter::CountVertsAndFacesLWO2' within the file 'LWOLoader.cpp'. The vulnerability occurs because the code does not properly verify the alignment of the end pointer, leading to out-of-bounds memory access. This flaw can be exploited locally and has been publicly disclosed.
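The failure mode described above, as an added example that is not Assimp's code: a loop that consumes two bytes per step but only checks "cursor < end" reads one byte past a buffer whose end is not 2-byte aligned, while a walker that checks the remaining byte count before every read stops cleanly. The chunk layout (big-endian 16-bit count with the vertex count in the low 10 bits, followed by 2- or 4-byte indices) and all names here are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { unsigned faces, verts; int truncated; } poly_count;

/* Overrun of a 2-byte-per-step loop guarded only by "cursor < end". */
size_t naive_overread(size_t len) {
    size_t pos = 0;
    while (pos < len) pos += 2;   /* offsets only; nothing is read */
    return pos - len;
}

/* Read a big-endian u16 only if two whole bytes remain before end. */
static int read_u16(const uint8_t **cur, const uint8_t *end, uint16_t *out) {
    if ((size_t)(end - *cur) < 2) return 0;      /* rejects an odd tail byte */
    *out = (uint16_t)(((*cur)[0] << 8) | (*cur)[1]);
    *cur += 2;
    return 1;
}

/* Skip one index: 2 bytes, or 4 when the first byte is 0xFF (assumed layout). */
static int skip_index(const uint8_t **cur, const uint8_t *end) {
    size_t left = (size_t)(end - *cur);
    size_t need = (left > 0 && (*cur)[0] == 0xFF) ? 4 : 2;
    if (left < need) return 0;
    *cur += need;
    return 1;
}

/* Count faces and vertices; flag truncation instead of reading past end. */
poly_count count_polys(const uint8_t *buf, size_t len) {
    poly_count r = {0, 0, 0};
    const uint8_t *cur = buf, *end = buf + len;
    while (cur < end) {
        uint16_t n;
        if (!read_u16(&cur, end, &n)) { r.truncated = 1; break; }
        n &= 0x03FF;          /* vertex count in the low 10 bits (assumed) */
        for (uint16_t i = 0; i < n; i++)
            if (!skip_index(&cur, end)) { r.truncated = 1; return r; }
        r.faces++;
        r.verts += n;
    }
    return r;
}

int main(void) {
    const uint8_t odd_tail[] = {0x00, 0x01, 0x00, 0x05, 0x00}; /* constructed */
    poly_count r = count_polys(odd_tail, sizeof odd_tail);
    printf("faces=%u verts=%u truncated=%d\n", r.faces, r.verts, r.truncated);
    return 0;
}
```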

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building the 'assimp_fuzzer' with AddressSanitizer (ASAN) enabled, similar to how OSS-Fuzz operates. After compiling the library, the fuzzer can be run with a specific input that triggers the out-of-bounds read, causing a crash that ASAN will report.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.