Open Asset Import Library Assimp Out-of-Bounds Read Vulnerability in MDL Importer

Vulnerability

A vulnerability allowing out-of-bounds read has been identified in Open Asset Import Library (Assimp) version 5.4.3. This issue arises in the MDLImporter::ParseSkinLump_3DGS_MDL7 function within the MDLMaterialLoader.cpp file. The vulnerability requires local exploitation.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which commonly results in memory corruption and can potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by building the Assimp fuzzer with AddressSanitizer enabled, which is similar to how OSS-Fuzz operates. After compiling the fuzzer, it can be run with a specific reproducer that triggers the out-of-bounds read by exploiting the MDL importer's skin lump parsing function.
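
When the reproducer is run, AddressSanitizer reports a heap out-of-bounds read under the error name "heap-buffer-overflow" together with a "READ of size N" line. The following triage helper is an added example, not code from Assimp or from the original advisory; it checks that a report shows a read and that its top frame is the function and file named above. The sample report is constructed, and its addresses, paths and line numbers are assumptions.

```python
import re

# Constructed ASan report for illustration only: the PID, addresses, access
# size, paths and line numbers are made up, not taken from the real reproducer.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000114 at pc 0x55d0c0ffee00 bp 0x7ffc00000010 sp 0x7ffc00000008
READ of size 4 at 0x602000000114 thread T0
    #0 0x55d0c0ffedff in Assimp::MDLImporter::ParseSkinLump_3DGS_MDL7(...) /path/to/MDLMaterialLoader.cpp:100:5
    #1 0x55d0c0ffe111 in LLVMFuzzerTestOneInput /path/to/fuzzer.cpp:50:3
0x602000000114 is located 0 bytes after 4-byte region [0x602000000110,0x602000000114)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address 0x[0-9a-f]+")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+?) (\S+)$", re.M)


def triage(report, expected_function, expected_file):
    """Summarise an ASan report and compare its top frame with the advisory."""
    header = HEADER.search(report)
    access = ACCESS.search(report)
    frames = FRAME.findall(report)
    if not (header and access and frames):
        return None  # not an ASan memory-access report this parser understands
    top_symbol, top_location = frames[0]
    bug_type, direction = header.group(1), access.group(1)
    return {
        "bug_type": bug_type,
        "access": direction,
        "size": int(access.group(2)),
        "top_frame": top_symbol,
        # True only when the crash is in the function and file the advisory names.
        "matches_advisory": expected_function in top_symbol
        and expected_file in top_location,
        # ASan files heap reads past a buffer under "heap-buffer-overflow";
        # the READ/WRITE line is what separates a read from a write.
        "is_heap_oob_read": bug_type == "heap-buffer-overflow" and direction == "READ",
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT, "MDLImporter::ParseSkinLump_3DGS_MDL7",
                 "MDLMaterialLoader.cpp"))
```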

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.