| Título | Assimp v5.4.3 Heap-based Buffer Overflow |
|---|
| Descrição | A heap-based buffer overflow vulnerability exists in Assimp Library within the Assimp::SceneCombiner::Copy function at SceneCombiner.cpp:1198. The flaw is caused by insufficient boundary validation on the original texture data buffer before executing memory copy operations. When processing a maliciously crafted model file, the function calculates the copy size based on texture width and height parameters without verifying that the actual allocated heap buffer of the original old texture data matches the calculated size. This leads the memcpy function to copy excessive data beyond the boundary of the valid heap memory region, triggering a 4-byte out-of-bounds heap read and resulting in program crash during scene combination and export processing. Remote attackers can exploit this vulnerability by supplying a specially crafted malicious model file. Successful exploitation can cause a denial-of-service (DoS) condition, with potential risks of sensitive memory information disclosure and arbitrary code execution under specific memory environments. |
|---|
| Fonte | ⚠️ https://github.com/assimp/assimp/issues/6079 |
|---|
| Utilizador | TYGLS (UID 94774) |
|---|
| Submissão | 01/06/2026 05h35 (há 29 dias) |
|---|
| Moderação | 29/06/2026 06h58 (28 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 374595 [Open Asset Import Library Assimp até 5.4.3 Model File SceneCombiner.cpp Copy width/height Excesso de tampão] |
|---|
| Pontos | 20 |
|---|