| Título | Assimp commit 17c12da NULL Pointer Dereference |
|---|
| Descrição | A NULL pointer dereference vulnerability exists in Assimp's glTFImporter component, specifically in the `Assimp::glTFImporter::ImportMeshes()` function at `glTFImporter.cpp:287`.
The root cause is that the program calls `ExtractData()` to load texture coordinate data from a glTF accessor, but fails to verify whether the function succeeds. When processing a malicious or malformed glTF file with an invalid bufferView, missing data, or corrupted texture coordinate structure, `ExtractData()` returns a failure status and leaves the output data pointer as NULL.
The code then directly dereferences this NULL pointer to access texture coordinate values, which triggers an immediate segmentation fault (SEGV) and crashes the application. This vulnerability can be exploited to cause a denial-of-service (DoS) condition. |
|---|
| Fonte | ⚠️ https://github.com/assimp/assimp/issues/6609 |
|---|
| Utilizador | TYGLS (UID 94774) |
|---|
| Submissão | 07/05/2026 04h32 (há 1 mês) |
|---|
| Moderação | 31/05/2026 08h13 (24 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 367478 [Assimp até 6.0.4 glTFImporter glTFImporter.cpp ImportMeshes Negação de Serviço] |
|---|
| Pontos | 20 |
|---|