Assimp Denial-of-Service Vulnerability in FBX Multi-Material Mesh Conversion

Vulnerability

A denial-of-service vulnerability has been identified in Assimp version 6.0.2. The issue lies in the FBX importer, specifically in the 'FBXConverter::ConvertMeshMultiMaterial' function. A crafted FBX file whose material-index count does not match its face count causes the converter to read out of bounds, allowing a remote attacker to crash the application that imports the file.

Impact

Exploitation of this vulnerability causes a crash in the application importing the affected FBX file, disrupting the normal operation of the software.

Reproduction

To reproduce this vulnerability, build Assimp 6.0.2 with the FBX importer enabled, then import a crafted FBX file whose material-index count differs from its face count. Because the conversion code iterates through the indices without validating the two counts against each other, the mismatch triggers the out-of-bounds read and the application crashes.

Remediation

It is recommended to validate that the material-index and face-count arrays are of compatible lengths before iterating through them. Additionally, malformed meshes with mismatched material and face metadata should be rejected, and regression tests should be added to cover scenarios with differing material index counts and face counts.
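The following is an added example of the validation the remediation describes; it is not Assimp's own code and uses a constructed, minimal mesh type rather than Assimp's FBX data structures (MultiMaterialMesh, validateMaterialLayout and groupFacesByMaterial are all hypothetical names). It checks that the per-face material index array has exactly one entry per face, and that every index refers to an existing material, before any per-face loop reads the array; a malformed mesh is rejected with an error instead of being read past its end. The last function doubles as the kind of regression check the advisory recommends.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed, minimal stand-in for a multi-material mesh. These are not Assimp's types.
struct MultiMaterialMesh {
    std::size_t          faceCount;        // number of polygons in the mesh
    std::vector<int32_t> materialIndices;  // intended: exactly one material index per face
    std::size_t          materialCount;    // number of materials attached to the mesh
};

// Validation step recommended by the advisory: confirm the arrays agree before any
// per-face loop indexes materialIndices[face]. Returns an empty string when the mesh
// is acceptable, otherwise a human-readable reason for rejecting it.
std::string validateMaterialLayout(const MultiMaterialMesh& mesh) {
    if (mesh.materialIndices.size() != mesh.faceCount) {
        return "material index count (" + std::to_string(mesh.materialIndices.size()) +
               ") does not match face count (" + std::to_string(mesh.faceCount) + ")";
    }
    // Also reject indices that point past the material table; that would be a second
    // out-of-range access once the groups are used to look up materials.
    for (std::size_t face = 0; face < mesh.materialIndices.size(); ++face) {
        const int32_t idx = mesh.materialIndices[face];
        if (idx < 0 || static_cast<std::size_t>(idx) >= mesh.materialCount) {
            return "face " + std::to_string(face) + " references out-of-range material " +
                   std::to_string(idx);
        }
    }
    return "";
}

// Groups face ids by material, the kind of per-face loop a multi-material conversion
// performs. The loop is only safe because validateMaterialLayout() runs first: a mesh
// with fewer material indices than faces is thrown out rather than read past its end.
std::map<int32_t, std::vector<std::size_t>> groupFacesByMaterial(const MultiMaterialMesh& mesh) {
    const std::string err = validateMaterialLayout(mesh);
    if (!err.empty()) {
        throw std::runtime_error("malformed mesh rejected: " + err);
    }
    std::map<int32_t, std::vector<std::size_t>> groups;
    for (std::size_t face = 0; face < mesh.faceCount; ++face) {
        groups[mesh.materialIndices[face]].push_back(face);
    }
    return groups;
}

// Regression-style check: true if the converter refuses the mesh instead of crashing.
bool rejectsMesh(const MultiMaterialMesh& mesh) {
    try {
        groupFacesByMaterial(mesh);
        return false;
    } catch (const std::runtime_error&) {
        return true;
    }
}

int main() {
    // Constructed sample: a well-formed mesh with 4 faces and 2 materials.
    MultiMaterialMesh ok{4, {0, 1, 1, 0}, 2};
    // Constructed sample in the shape the advisory describes: 4 faces but only 2 material indices.
    MultiMaterialMesh mismatched{4, {0, 1}, 2};

    const auto groups = groupFacesByMaterial(ok);
    std::cout << "well-formed mesh: " << groups.size() << " material groups\n";
    std::cout << "mismatched mesh rejected: " << (rejectsMesh(mismatched) ? "yes" : "no") << "\n";
    std::cout << "reason: " << validateMaterialLayout(mismatched) << "\n";
    return 0;
}
```

The check is cheap (one size comparison plus a linear scan of the indices) and belongs before the conversion loop rather than inside it, so the importer fails closed on the first malformed mesh instead of relying on each later consumer to bounds-check.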

Added: May 4, 2026, 3:23 PM
Updated: May 4, 2026, 3:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 7.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.