CVE-2026-10200
5.3 MEDIUMA vulnerability was found in Assimp up to 6.0.4
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-119, CWE-122
Description
A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as bug.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10200
- [Other]https://github.com/assimp/assimp/
- [Other]https://github.com/assimp/assimp/issues/6612
- [Other]https://github.com/user-attachments/files/27194256/poc.zip
- [Other]https://vuldb.com/cve/CVE-2026-10200
- [Other]https://vuldb.com/submit/821180
- [Other]https://vuldb.com/vuln/367480
- [Other]https://vuldb.com/vuln/367480/cti
Related CVEs
Same CWE
- CVE-2026-52720 — A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client) (8.8 HIGH)
- CVE-2025-55661 — A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) ... (5.5 MEDIUM)
- CVE-2025-55652 — A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial ... (5.5 MEDIUM)
- CVE-2025-55648 — A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cau... (5.5 MEDIUM)
- CVE-2025-55645 — A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of... (5.5 MEDIUM)