Vinz Spring 177797c77b Fixes CVE-2025-2751: Out-of-bounds Read in Assimp::CSMImporter::InternReadFile (closes #6012) (#6224) ...

description:
issue:
- 4ad1d2aa30/code/AssetLib/CSM/CSMLoader.cpp (L274C1-L275C1)
- sometimes the code tried to construct a new 4x4 matrix from a nullptr, thus reading out of bounds

fix:
- added nullptr check
- added array count check
- added default fallback init to identity matrix

Co-authored-by: Vinz Spring <vinzs@amazon.de>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

2025-06-08 12:10:12 +02:00

12 KiB

Raw Blame History

View Raw