Description
A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as bug.
Published: 2026-05-31
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap-based buffer overflow in the glTF 4x4 matrix parser within Assimp, located in glTFCommon::CopyValue. Manipulating the parser leads to uncontrolled writes on the heap, which an attacker with local privileges can use to corrupt memory, crash the application, or potentially execute arbitrary code. The issue exists in all releases up to 6.0.4 and requires the attacker to supply a malicious glTF file that triggers the overflow during parsing.

Affected Systems

Assimp, the open‑source 3D model import library, runs in scopes ranging from game engines to 3D rendering tools. Any instance that links against a vulnerable Assimp binary or directly uses the glTFCommon component is at risk. Systems that execute Assimp with elevated privileges or accept untrusted glTF input fall into the most vulnerable category.

Risk and Exploitability

The CVSS score of 4.8 reflects moderate severity. The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, indicating limited or no widespread exploitation yet. However, the publicly available proof‑of‑concept and the open issue confirm that the flaw can be exercised by local users. In contexts where the application runs with elevated permissions or processes untrusted data, the risk escalates to potential arbitrary code execution. The exploitation path involves delivering a crafted glTF file to the parser, which currently lacks proper bounds checking for the 4x4 matrix data.

Generated by OpenCVE AI on June 2, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Assimp to a patched release (≥6.0.5, if available) which disables the vulnerable CopyValue path.
  • If a patch is unavailable, run the application under the lowest privilege that still allows needed functionality and ensure that only trusted data reaches the parser.
  • Wrap or audit the glTF parsing call to enforce explicit bounds checks on the 4x4 matrix buffer before copying, preventing overrun writes.

Generated by OpenCVE AI on June 2, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 01 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 31 May 2026 23:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as bug.
Title Assimp 4x4 Matrix glTFCommon.h CopyValue heap-based overflow
First Time appeared Assimp
Assimp assimp
Weaknesses CWE-119
CWE-122
CPEs cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*
Vendors & Products Assimp
Assimp assimp
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Assimp Assimp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T12:26:17.051Z

Reserved: 2026-05-31T06:13:42.824Z

Link: CVE-2026-10200

cve-icon Vulnrichment

Updated: 2026-06-01T12:25:52.392Z

cve-icon NVD

Status : Deferred

Published: 2026-05-31T23:16:42.623

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10200

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-31T22:45:10Z

Links: CVE-2026-10200 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T14:00:10Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-122

    Heap-based Buffer Overflow