Description
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()
Published: 2026-05-04
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the Assimp library version 6.0.2 allows a remote attacker to trigger a denial of service by exploiting the FBXParser.cpp function ParseVectorDataArray. The flaw causes the parser to misbehave when processing malformed FBX files, leading to a crash of the application or service that uses the library. The vulnerability does not directly disclose or modify data, but it terminates the target process and disrupts availability.

Affected Systems

The affected product is the Assimp library, specifically version 6.0.2. Vendors or developers using this exact release in their applications may be impacted.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known large-scale exploits. Nevertheless, the issue can be triggered remotely by supplying a crafted FBX file, so the attack vector is inferred to be remote. The CVSS score of 5.9 indicates a medium severity, but the potential for unavailability in mission-critical or public services warrants prompt attention.

Generated by OpenCVE AI on May 4, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check whether a newer release of the Assimp library is available and upgrade to the patched version if one exists.
  • If a patch is not yet available, isolate the library and restrict it to trusted input only; perform strict validation or sanitization of FBX files before parsing.
  • Implement monitoring and, if possible, a watchdog mechanism so that a crashed service is automatically restarted, maintaining availability.

Generated by OpenCVE AI on May 4, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title Assimp: Assimp: Denial of Service via FBXParser.cpp ParseVectorDataArray() function
Weaknesses CWE-1284
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 04 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Assimp 6.0.2 Remote Denial of Service via FBXParser ParseVectorDataArray

Mon, 04 May 2026 17:45:00 +0000

Type Values Removed Values Added
Title Assimp 6.0.2 Remote Denial of Service via FBXParser ParseVectorDataArray
First Time appeared Assimp
Assimp assimp
Vendors & Products Assimp
Assimp assimp

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
CWE-770
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 16:00:00 +0000

Type Values Removed Values Added
Description An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()
References

Subscriptions

Assimp Assimp
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-04T17:07:58.501Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70071

cve-icon Vulnrichment

Updated: 2026-05-04T17:05:36.880Z

cve-icon NVD

Status : Received

Published: 2026-05-04T16:16:01.453

Modified: 2026-05-04T18:16:25.850

Link: CVE-2025-70071

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-04T00:00:00Z

Links: CVE-2025-70071 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:30:02Z

Weaknesses