| शीर्षक | Assimp commit 17c12da Heap-based Buffer Overflow |
|---|
| विवरण | A heap-based buffer over-read vulnerability exists in Assimp's Half-Life 1 MDL loader within the `HL1MDLLoader::extract_anim_value` function at `HL1MDLLoader.cpp:1332`. The flaw is caused by missing validation for the `num.total` field. When parsing a malicious MDL file where `num.total` is set to zero, the while loop condition becomes permanently true, resulting in an infinite loop. Inside the loop, the data pointer is continuously incremented without any boundary checks, eventually reading beyond the limits of the allocated heap buffer. This out-of-bounds memory access triggers an immediate program crash. Remote attackers can exploit this vulnerability to cause a denial-of-service (DoS) condition. |
|---|
| स्रोत | ⚠️ https://github.com/assimp/assimp/issues/6616 |
|---|
| उपयोगकर्ता | TYGLS (UID 94774) |
|---|
| सबमिशन | 07/05/2026 04:54 AM (29 दिन पहले) |
|---|
| संयम | 31/05/2026 10:11 AM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367510 [Assimp तक 6.0.4 Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_value num.total बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|