VYPR
Unrated severity · NVD Advisory · Published Nov 22, 2021 · Updated Aug 4, 2024

CVE-2021-43581

Description

An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap buffer over-read in the U3D parsing component of ODA PRC SDK before 2022.11 allows code execution via crafted U3D files.

Vulnerability

An out-of-bounds read vulnerability exists in the Open Design Alliance PRC SDK prior to version 2022.11. The issue occurs within the parsing of U3D files, specifically due to incorrect use of the LibJpeg source manager inside the U3D library. A crafted U3D file can cause the parser to read past the end of an allocated heap buffer [1]. The bug is triggered during the processing of a maliciously formed U3D file and does not require any special configuration beyond having a vulnerable version of the SDK incorporated into an application that handles U3D content.
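The advisory does not say which source-manager callback was misused, so the following is an added illustration of the contract a memory-backed LibJpeg source has to honour, not ODA's code and not code from the advisory. The struct is a local stand-in for the cursor fields of libjpeg's `jpeg_source_mgr`, and `mem_source`, `src_fill`, `src_skip` and `demo_skip` are hypothetical names; the 16-byte buffer is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-in for the cursor fields of libjpeg's jpeg_source_mgr
   (assumption: modelled here so the example builds without libjpeg). */
typedef struct {
    const unsigned char *next_input_byte; /* next byte the decoder reads */
    size_t bytes_in_buffer;               /* valid bytes from that pointer */
    int hit_eof;                          /* set once real data ran out */
} mem_source;

/* Fake end-of-image marker handed to the decoder when data runs out. */
static const unsigned char FAKE_EOI[2] = { 0xFF, 0xD9 };

/* Hypothetical fill_input_buffer: the whole image was supplied up front,
   so a refill request means the stream is truncated or malformed. */
static void src_fill(mem_source *s)
{
    s->next_input_byte = FAKE_EOI;
    s->bytes_in_buffer = sizeof FAKE_EOI;
    s->hit_eof = 1;
}

/* Hypothetical skip_input_data: the skip length is derived from file
   contents, so it is checked against what is actually left. */
static void src_skip(mem_source *s, long num_bytes)
{
    if (num_bytes <= 0) return;
    if ((size_t)num_bytes > s->bytes_in_buffer) {
        src_fill(s);  /* park on the fake EOI instead of walking off the end */
        return;
    }
    s->next_input_byte += num_bytes;
    s->bytes_in_buffer -= (size_t)num_bytes;
}

/* Runs one skip over a constructed 16-byte buffer. Returns the bytes
   left in the real buffer, or -1 if the source reported end of data. */
static long demo_skip(long skip_len)
{
    static const unsigned char data[16] = { 0xFF, 0xD8 }; /* constructed */
    mem_source s = { data, sizeof data, 0 };
    src_skip(&s, skip_len);
    return s.hit_eof ? -1 : (long)s.bytes_in_buffer;
}

int main(void)
{
    printf("skip 4 -> %ld, skip 4096 -> %ld\n", demo_skip(4), demo_skip(4096));
    return 0;
}
```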

Exploitation

An attacker needs only to deliver a specially crafted U3D file to a user or system that opens it with an application built on the affected PRC SDK. No authentication or special privileges are required; the vulnerable code path is reached automatically during the parsing stage of the U3D file. The exploit leverages the out-of-bounds read to gather memory layout information or to craft a read primitive that can be chained into code execution.

Impact

Successful exploitation of this out-of-bounds read can lead to uncontrolled memory access and, as stated in the advisory, arbitrary code execution in the context of the current process [1]. An attacker could achieve full compromise of the affected application, potentially leading to data theft, further system access, or denial of service.

Mitigation

Open Design Alliance released a fix in PRC SDK version 2022.11 [1]. All users running versions prior to 2022.11 should upgrade to the latest release. No official workaround has been provided; users who cannot immediately update should avoid opening untrusted U3D files with any application that relies on the vulnerable SDK.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
