The flaw resides in Assimp version 6.0.2 inside the ConvertMeshMultiMaterial routine of FBXConverter.cpp. When the library parses the body of an FBX file, it allocates memory without adequate bounds checks, which can be abused to oversize buffers or trigger out-of-range writes. The result is an immediate crash of the host application, leading to a loss of service. This issue is identified by the weaknesses captured in CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Memory Allocation).

Any software that bundles the Assimp library version 6.0.2 or earlier and processes FBX 3‑D model files is affected. The vulnerability is confined to this specific library release; upgrading to the latest Assimp version that removes or alters the vulnerable code path removes the problem.

An attacker can trigger the crash by delivering a specially crafted FBX file, either through an upload endpoint, network transfer, or by persuading a user to open the file locally. Based on the description, the attack vector is inferred to involve the normal parsing of a malformed or unexpected FBX sequence; the file need not contain a specific structure, but an abnormal sequence can trigger the failure. The CVSS score of 7.5 indicates a high severity, while the EPSS score is not available, leaving the precise likelihood of exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog, but its potential to bring down services where Assimp is in use warrants prompt mitigation.