| 제목 | Open Asset Import Library Assimp 5.4.3 Stack-based Buffer Overflow |
|---|
| 설명 | A stack-buffer-overflow vulnerability was discovered in the Assimp::MD2Importer::InternReadFile function within the Assimp Library. This issue occurs when processing certain malformed files, leading to an out-of-bounds write and potential application crash.
The vulnerability arises in the Assimp::MD2Importer::InternReadFile function defined in code/AssetLib/MD2/MD2Loader.cpp at line 326.
As shown below, the function MD2Importer::InternReadFile lacks checking of iLen before calling memcpy (without restricting the value of iLen), resulting in a write operation beyond the allocated memory. It also reflects that the generation process of pcSkins->name may have the problem of the string not being truncated correctly, resulting in the value of iLen being too large. |
|---|
| 원천 | ⚠️ https://github.com/assimp/assimp/issues/6069 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 03. 28. PM 12:12 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 03. PM 12:58 (6 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 303150 [Open Asset Import Library Assimp 5.4.3 Malformed File MD2Loader.cpp InternReadFile 이름 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|