Assimp
cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*
- <= 6.0.2
A heap-based buffer overflow vulnerability has been identified in Assimp versions prior to 6.0.2, specifically within the FBX Importer. The issue arises in the 'aiMaterial::AddBinaryProperty' function, where a property key string from a manipulated FBX file is copied into a fixed-size heap buffer using 'strcpy()' without proper length validation. This vulnerability can lead to memory corruption and application crashes, and potentially to code execution, depending on the application's context and how it handles the corrupted memory.
Exploitation of this vulnerability causes a heap-based buffer overflow, leading to memory corruption and application crashes. In some cases, it could allow for arbitrary code execution, depending on the behavior of the memory allocator and the application's runtime environment.
The vulnerability can be reproduced by building Assimp 6.0.2 in a release configuration where the 'ai_assert' length check is disabled. Afterward, import a crafted FBX file that contains an excessively long material property name. This will trigger the buffer overflow by overwriting memory beyond the fixed-size key buffer allocated for material properties.
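The pattern described above, as an added C example that is not Assimp's code: an assert-only length check that vanishes in release builds, next to a form that enforces the bound at runtime in every build. The `struct prop` type, the function names and the 1024-byte key size are assumptions made for illustration.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_MAXLEN 1024 /* assumed size of the fixed key buffer */

/* Hypothetical stand-in for a material property with a fixed-size key. */
struct prop { size_t key_len; char key[KEY_MAXLEN]; };

/* Pattern from the advisory: the only length check is an assert, which is
 * compiled out under NDEBUG (release builds), leaving a bare strcpy(). */
struct prop *prop_new_unchecked(const char *key) {
    struct prop *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    assert(strlen(key) < KEY_MAXLEN);
    strcpy(p->key, key); /* writes past key[] when the key is too long */
    p->key_len = strlen(key);
    return p;
}

/* Hardened form: the bound is enforced at runtime in every build type and
 * an oversized key is rejected before anything is allocated or copied. */
struct prop *prop_new_checked(const char *key) {
    if (!key) return NULL;
    const char *end = memchr(key, '\0', KEY_MAXLEN); /* bounded scan */
    if (!end) return NULL; /* no terminator within KEY_MAXLEN bytes */
    struct prop *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    p->key_len = (size_t)(end - key);
    memcpy(p->key, key, p->key_len); /* calloc already zero-terminated it */
    return p;
}

/* Builds a constructed key of n 'A' bytes; returns 1 if it is accepted. */
int checked_accepts(size_t n) {
    char *key = malloc(n + 1);
    if (!key) return -1;
    memset(key, 'A', n); key[n] = '\0';
    struct prop *p = prop_new_checked(key);
    int ok = p != NULL && p->key_len == n && p->key[n] == '\0';
    free(p); free(key);
    return ok;
}

int main(void) {
    printf("%d %d %d\n", checked_accepts(1023), checked_accepts(1024), checked_accepts(4096));
    return 0;
}
```

Applications that parse untrusted model files can apply the same runtime check at their own boundary, since a check that exists only as a debug assertion gives no protection in the builds that are actually shipped.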
Users are advised to update to the latest version of Assimp, where this vulnerability has been fixed. The Assimp project provides pre-built binaries that can be downloaded from their Itch Projectspace.