Description
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.
Es wurde eine problematische Schwachstelle in Open Asset Import Library Assimp 5.4.3 ausgemacht. Es betrifft die Funktion LWOImporter::CountVertsAndFacesLWO2 der Datei assimp/code/AssetLib/LWO/LWOLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Problem types
Product status
Timeline
| 2025-05-26: | Advisory disclosed |
| 2025-05-26: | VulDB entry created |
| 2025-05-26: | VulDB entry last update |
References
github.com/assimp/assimp/issues/6174
vuldb.com/?id.310290 (VDB-310290 | Open Asset Import Library Assimp LWOLoader.cpp CountVertsAndFacesLWO2 out-of-bounds)
vuldb.com/?ctiid.310290 (VDB-310290 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.578006 (Submit #578006 | Open Asset Import Library Assimp 5.4.3 Heap Out of Bounds Read)
github.com/assimp/assimp/issues/6173
github.com/assimp/assimp/issues/6128
github.com/...chments/files/20209125/line-832-reproducer.zip