| 标题 | Assimp commit 17c12da NULL Pointer Dereference |
|---|
| 描述 | A NULL pointer dereference vulnerability exists in Assimp's glTFImporter component, specifically in the `Assimp::glTFImporter::ImportMeshes()` function at `glTFImporter.cpp:287`.
The root cause is that the program calls `ExtractData()` to load texture coordinate data from a glTF accessor, but fails to verify whether the function succeeds. When processing a malicious or malformed glTF file with an invalid bufferView, missing data, or corrupted texture coordinate structure, `ExtractData()` returns a failure status and leaves the output data pointer as NULL.
The code then directly dereferences this NULL pointer to access texture coordinate values, which triggers an immediate segmentation fault (SEGV) and crashes the application. This vulnerability can be exploited to cause a denial-of-service (DoS) condition. |
|---|
| 来源 | ⚠️ https://github.com/assimp/assimp/issues/6609 |
|---|
| 用户 | TYGLS (UID 94774) |
|---|
| 提交 | 2026-05-07 04時32分 (1 月前) |
|---|
| 管理 | 2026-05-31 08時13分 (24 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367478 [Assimp 直到 6.0.4 glTFImporter glTFImporter.cpp ImportMeshes 拒绝服务] |
|---|
| 积分 | 20 |
|---|