
Fixes CVE-2025-2757: Heap-based Buffer Overflow in AI_MD5_PARSE_STRING_IN_QUOTATION (closes #6019) (#6223)

description:
- heap buffer overflow in AI_MD5_PARSE_STRING_IN_QUOTATION. An attacker could potentially exploit the vulnerability to cause a remote code execution,
  if they can trick the victim into running assimp on a malformed MD5 file

fix:
- truncated the string to the maximum supported length, mitigating overflow

Co-authored-by: Vinz Spring <[email protected]>
Co-authored-by: Kim Kulling <[email protected]>
Vinz Spring 1 month ago
parent
commit
5be336779d
1 changed file with 4 additions and 0 deletions

+ 4 - 0
code/AssetLib/MD5/MD5Parser.cpp
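As an added example, not code from the assimp project or from this commit: a minimal C model of the bound the fix introduces. It assumes AI_MAXLEN is 1024 and uses a stand-in struct in place of aiString; parse_quoted_bounded, parse_constructed_name and the other helper names are hypothetical and written for this example only. The parser scans a double-quoted token without reading past bufferEnd, clamps the copied length to AI_MAXLEN - 1 so the terminating NUL always fits, reports when truncation happened, and rejects a quote that never closes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: assimp's aiString keeps its text in an inline buffer of AI_MAXLEN
 * bytes (1024 in the project's headers); the fix clamps copies to AI_MAXLEN - 1
 * so a terminating NUL always fits. This struct is a stand-in, not aiString. */
#define AI_MAXLEN 1024

typedef struct {
    uint32_t length;
    char data[AI_MAXLEN];
} BoundedString;

/* Parse one double-quoted token starting at *sz without reading past bufferEnd.
 * At most AI_MAXLEN - 1 bytes are copied into out, which is always NUL-terminated.
 * Returns 1 on success (with *sz just past the closing quote), 0 if there is no
 * opening quote or no closing quote before bufferEnd. *truncated is set when the
 * quoted text was longer than the buffer can hold.
 * Hypothetical helper written for this example; not assimp's parser. */
static int parse_quoted_bounded(const char **sz, const char *bufferEnd,
                                BoundedString *out, int *truncated)
{
    const char *p = *sz;
    *truncated = 0;
    out->length = 0;
    out->data[0] = '\0';

    while (p < bufferEnd && (*p == ' ' || *p == '\t')) {
        ++p;                              /* skip leading whitespace */
    }
    if (p >= bufferEnd || *p != '"') {
        return 0;                         /* no opening quote */
    }
    const char *start = ++p;

    while (p < bufferEnd && *p != '"') {
        ++p;                              /* scan for the closing quote */
    }
    if (p >= bufferEnd) {
        return 0;                         /* unterminated: reject, do not guess */
    }

    size_t n = (size_t)(p - start);
    if (n >= AI_MAXLEN) {                 /* the bound the CVE fix adds */
        n = AI_MAXLEN - 1;
        *truncated = 1;
    }
    memcpy(out->data, start, n);
    out->data[n] = '\0';
    out->length = (uint32_t)n;
    *sz = p + 1;
    return 1;
}

/* Build a constructed input holding a quoted run of name_len 'A' bytes (standing
 * in for an over-long name in an MD5 file) and parse it. Returns the stored
 * length, -1 on parse failure, -2 if the NUL-terminator invariant is violated. */
static long parse_constructed_name(size_t name_len, int *truncated)
{
    static char buf[8192];
    if (name_len + 3 > sizeof buf) {
        return -1;
    }
    buf[0] = '"';
    memset(buf + 1, 'A', name_len);
    buf[1 + name_len] = '"';
    buf[2 + name_len] = '\0';

    const char *sz = buf;
    BoundedString s;
    if (!parse_quoted_bounded(&sz, buf + 2 + name_len, &s, truncated)) {
        return -1;
    }
    if (s.length >= AI_MAXLEN || s.data[s.length] != '\0') {
        return -2;
    }
    return (long)s.length;
}

/* Wrappers so each result is a plain return value. */
static long parsed_length(size_t name_len)
{
    int truncated;
    return parse_constructed_name(name_len, &truncated);
}

static int parsed_truncated(size_t name_len)
{
    int truncated;
    parse_constructed_name(name_len, &truncated);
    return truncated;
}

/* A quote that never closes before bufferEnd must be rejected, not copied. */
static int parse_unterminated(void)
{
    const char buf[] = "\"joint_without_closing_quote";   /* constructed input */
    const char *sz = buf;
    BoundedString s;
    int truncated;
    return parse_quoted_bounded(&sz, buf + sizeof buf - 1, &s, &truncated);
}

int main(void)
{
    printf("5-byte name: length %ld, truncated %d\n", parsed_length(5), parsed_truncated(5));
    printf("4000-byte name: length %ld, truncated %d\n", parsed_length(4000), parsed_truncated(4000));
    printf("unterminated quote accepted: %d\n", parse_unterminated());
    return 0;
}
```

The truncation flag is the one thing this model adds over the patch: the clamp alone makes the copy memory-safe, but a caller that also learns the name was cut can log a warning or reject the file as malformed instead of silently carrying a shortened name.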

@@ -277,6 +277,8 @@ inline bool AI_MD5_PARSE_STRING(const char **sz, const char *bufferEnd, aiString
         }
         }
     }
     }
     out.length = (ai_uint32)(szEnd - szStart);
     out.length = (ai_uint32)(szEnd - szStart);
+    if (out.length >= AI_MAXLEN)
+        out.length = AI_MAXLEN - 1;
     ::memcpy(out.data, szStart, out.length);
     ::memcpy(out.data, szStart, out.length);
     out.data[out.length] = '\0';
     out.data[out.length] = '\0';
 
 
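Review bot: the clamp `if (out.length >= AI_MAXLEN)` / `out.length = AI_MAXLEN - 1;` drops input silently; a name longer than AI_MAXLEN - 1 bytes in an MD5 file is malformed, so consider emitting a parser warning (or treating it as a parse error) at that point so the truncation is visible to callers instead of producing a quietly shortened aiString. The bound itself is correct for the following `::memcpy(out.data, szStart, out.length);` and `out.data[out.length] = '\0';`, since it leaves room for the terminator. Minor style point: the enclosing blocks use braces, so the single-statement if body should get braces as well.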
@@ -299,6 +301,8 @@ inline void AI_MD5_PARSE_STRING_IN_QUOTATION(const char **sz, const char *buffer
             const char *szEnd = *sz;
             const char *szEnd = *sz;
             ++*sz;
             ++*sz;
             out.length = (ai_uint32)(szEnd - szStart);
             out.length = (ai_uint32)(szEnd - szStart);
+            if (out.length >= AI_MAXLEN)
+                out.length = AI_MAXLEN - 1;
             ::memcpy(out.data, szStart, out.length);
             ::memcpy(out.data, szStart, out.length);
         }
         }
     }
     }
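Review bot: this is the second verbatim copy of the same clamp-and-copy sequence (`if (out.length >= AI_MAXLEN)`, `out.length = AI_MAXLEN - 1;`, `::memcpy(out.data, szStart, out.length);`); factoring it into one small helper that computes the bounded length, copies and terminates would keep AI_MD5_PARSE_STRING and AI_MD5_PARSE_STRING_IN_QUOTATION in sync and make any future string-parsing path inherit the bound automatically. As in the first hunk, a warning when truncation occurs would help diagnose malformed files, and the if body should carry braces to match the surrounding style.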