Clesmian

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability was found in the Open Asset Import Library Assimp, affecting the function `MDCImporter::ValidateSurfaceHeader` of the file `assimp/code/AssetLib/MDC/MDCLoader.cpp`. The manipulation of the argument `pcSurface2` leads to an out-of-bounds read. This issue requires a local attack to be exploited. The exploit has been disclosed to the public and may be used. **Recommendations** For Open Asset Import Library Assimp version 5.4.3, as a temporary workaround, consider restricting access to the `MDCImporter::ValidateSurfaceHeader` function until a patch is available. Avoid manipulating the `pcSurface2` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability was found in the Open Asset Import Library Assimp. It has been classified as problematic and affects the function `MDCImporter::InternReadFile` of the component MDC File Parser. The manipulation of the argument `pcVerts` leads to an out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability was found in the Open Asset Import Library Assimp. The issue affects the function `LWOImporter::GetS0` in the library `assimp/code/AssetLib/LWO/LWOLoader.h`. The manipulation of the argument `out` leads to an out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** For Open Asset Import Library Assimp version 5.4.3, as a temporary workaround, consider disabling the `LWOImporter::GetS0` function until a patch is available. Restrict access to the `assimp/code/AssetLib/LWO/LWOLoader.h` library to minimize the risk of exploitation. Avoid using the argument `out` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Assimp version 5.4.3 **Description** A vulnerability was found in the Open Asset Import Library Assimp. It has been rated as problematic. The issue affects the function `MDLImporter::ImportUVCoordinate 3DGS MDL345` of the file `assimp/code/AssetLib/MDL/MDLLoader.cpp`. The manipulation of the argument `iIndex` leads to an out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `MDLImporter::ImportUVCoordinate 3DGS MDL345` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A problematic vulnerability has been found in Open Asset Import Library Assimp, affecting the function `MDLImporter::InternReadFile 3DGS MDL345` of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. This leads to an out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public. **Recommendations** For Open Asset Import Library Assimp version 5.4.3, consider disabling the `MDLImporter::InternReadFile 3DGS MDL345` function until a patch is available to prevent out-of-bounds read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A problem was found in the function `MDLImporter::InternReadFile Quake1` of the file assimp/code/AssetLib/MDL/MDLLoader.cpp, which leads to out-of-bounds read. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. **Recommendations** For Open Asset Import Library Assimp version 5.4.3, as a temporary workaround, consider disabling the `MDLImporter::InternReadFile Quake1` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability was found in the Open Asset Import Library Assimp. It has been classified as problematic and affects the function `LWOImporter::CountVertsAndFacesLWO2` of the file `assimp/code/AssetLib/LWO/LWOLoader.cpp`. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `LWOImporter::CountVertsAndFacesLWO2` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability was found in Open Asset Import Library Assimp. It has been declared as problematic. Affected by this vulnerability is the function `HL1MDLLoader::validate header` of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. **Recommendations** As a temporary workaround, consider disabling the `HL1MDLLoader::validate header` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability was found in the Open Asset Import Library Assimp. It has been rated as problematic and affects the `SkipSpaces` function in the library `assimp/include/assimp/ParsingUtils.h`. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. **Recommendations** For Open Asset Import Library Assimp version 5.4.3, as a temporary workaround, consider disabling the `SkipSpaces` function until a patch is available. Restrict access to the `assimp/include/assimp/ParsingUtils.h` library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library Assimp version 5.4.3 **Description** A vulnerability has been found in Open Asset Import Library Assimp, affecting the function `MDLImporter::ParseSkinLump 3DGS MDL7` of the file `assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp`. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `MDLImporter::ParseSkinLump 3DGS MDL7` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.