Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-04T00:00:00 Assimp: Assimp: Buffer overflow in FBX Importer allows arbitrary code execution via crafted file. 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L CWE-120

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

A flaw was found in Assimp, an open-source asset import library, specifically within its FBX Importer. This buffer overflow vulnerability occurs when processing a specially crafted FBX file. An attacker could exploit this by providing a malicious FBX file, causing a property key string to be copied into a fixed-size memory buffer without proper length validation. This could lead to a denial of service or potentially arbitrary code execution, allowing an attacker to run unauthorized commands.

Red Hat Enterprise Linux 10 Fix deferred qt6-qtquick3d Red Hat Enterprise Linux 9 Not affected qt5-qt3d https://www.cve.org/CVERecord?id=CVE-2025-70067 https://nvd.nist.gov/vuln/detail/CVE-2025-70067 http://assimp.com https://gist.github.com/GunP4ng/b6653184a4c5c3e608e6368227397505 https://github.com/assimp/assimp