| Title | Assimp v5.4.3 Heap-based Buffer Overflow |
|---|---|
| Description | A heap-based buffer overflow vulnerability exists in Assimp Library within the Assimp::SceneCombiner::Copy function at SceneCombiner.cpp:1198. The flaw is caused by insufficient boundary validation on the original texture data buffer before executing memory copy operations. When processing a maliciously crafted model file, the function calculates the copy size based on texture width and height parameters without verifying that the actual allocated heap buffer of the original old texture data matches the calculated size. This leads the memcpy function to copy excessive data beyond the boundary of the valid heap memory region, triggering a 4-byte out-of-bounds heap read and resulting in program crash during scene combination and export processing. Remote attackers can exploit this vulnerability by supplying a specially crafted malicious model file. Successful exploitation can cause a denial-of-service (DoS) condition, with potential risks of sensitive memory information disclosure and arbitrary code execution under specific memory environments. |
| Source | https://github.com/assimp/assimp/issues/6079 |
| User | TYGLS (UID 94774) |
| Submission | 2026-06-01 05:35 (29 days ago) |
| Moderation | 2026-06-29 06:58 (28 days later) |
| Status | Accepted |
| VulDB Entry | 374595 [Open Asset Import Library Assimp up to 5.4.3 Model File SceneCombiner.cpp Copy width/height memory corruption] |
| Points | 20 |