Submit #844487: Assimp v5.4.3 Heap-based Buffer Overflow

Title: Assimp v5.4.3 Heap-based Buffer Overflow
Description: A heap-based buffer overflow vulnerability exists in the Assimp library within the Assimp::SceneCombiner::Copy function at SceneCombiner.cpp:1198. The flaw is caused by insufficient boundary validation on the original texture data buffer before executing memory copy operations. When processing a maliciously crafted model file, the function calculates the copy size from the texture width and height parameters without verifying that the heap buffer actually allocated for the original texture data matches the calculated size. As a result, memcpy copies data beyond the boundary of the valid heap memory region, triggering a 4-byte out-of-bounds heap read and crashing the program during scene combination and export processing. Remote attackers can exploit this vulnerability by supplying a specially crafted malicious model file. Successful exploitation can cause a denial-of-service (DoS) condition, with potential risks of sensitive memory information disclosure and arbitrary code execution under specific memory environments.
Source: https://github.com/assimp/assimp/issues/6079
User: TYGLS (UID 94774)
Submission: 01.06.2026 05:35 (29 days ago)
Moderation: 29.06.2026 06:58 (28 days later)
Status: Accepted
VulDB entry: 374595 [Open Asset Import Library Assimp up to 5.4.3 Model File SceneCombiner.cpp Copy width/height memory corruption]
Points: 20
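
The missing check from the description, as an added C++ sketch that is not Assimp's code and not part of the submission: the copy size derived from width and height is compared with the real buffer length before memcpy runs. The `Texture` struct, `copy_texture_checked`, `make_texture` and the 4-byte texel size are hypothetical names and assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <vector>

// Hypothetical texture record, not Assimp's own type: it keeps the real
// buffer length next to the dimensions declared by the model file.
struct Texture {
    uint32_t width = 0, height = 0;  // untrusted header fields
    std::vector<uint8_t> data;       // bytes the loader actually allocated
};

constexpr std::size_t kTexelSize = 4;  // assumed 4-byte texel

enum class CopyResult { Ok, SizeOverflow, BufferTooSmall };

// Computes width*height*texel into `out`; false if it overflows size_t.
bool declared_size(const Texture &t, std::size_t &out) {
    const uint64_t texels = uint64_t(t.width) * t.height;  // 32x32 bits fits in 64
    if (texels > std::numeric_limits<std::size_t>::max() / kTexelSize) return false;
    out = static_cast<std::size_t>(texels) * kTexelSize;
    return true;
}

// Copy only after proving the source buffer holds the declared byte count.
CopyResult copy_texture_checked(const Texture &src, Texture &dst) {
    std::size_t need = 0;
    if (!declared_size(src, need)) return CopyResult::SizeOverflow;
    if (need > src.data.size()) return CopyResult::BufferTooSmall;  // memcpy would over-read
    dst.width = src.width;
    dst.height = src.height;
    dst.data.resize(need);
    if (need != 0) std::memcpy(dst.data.data(), src.data.data(), need);
    return CopyResult::Ok;
}

// Constructed sample input: dimensions plus an independently chosen buffer length.
Texture make_texture(uint32_t w, uint32_t h, std::size_t allocated) {
    Texture t;
    t.width = w;
    t.height = h;
    t.data.assign(allocated, 0xAB);
    return t;
}

int main() {
    Texture out;
    // 2x2 texels need 16 bytes; a 12-byte buffer is 4 bytes short and is rejected.
    return copy_texture_checked(make_texture(2, 2, 12), out) == CopyResult::BufferTooSmall ? 0 : 1;
}
```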
