Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-31T23:00:12 assimp: Assimp: Denial of Service via divide-by-zero in FBXExporter 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-369

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug.

A flaw was found in Assimp. A local user can perform a manipulation within the FBXExporter::WriteObjects function, leading to a divide-by-zero error. This vulnerability can cause a Denial of Service (DoS), making the application unavailable.

Moderate: A local denial of service flaw was found in Assimp's FBX exporter. This issue allows a local attacker to trigger a divide-by-zero error by manipulating the FBX export process, leading to application unavailability. Exploitation requires an application to utilize the vulnerable FBX export functionality. Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Enterprise Linux 10 Not affected qt6-qtquick3d Red Hat Enterprise Linux 9 Fix deferred qt5-qt3d https://www.cve.org/CVERecord?id=CVE-2026-10201 https://nvd.nist.gov/vuln/detail/CVE-2026-10201 https://github.com/assimp/assimp/ https://github.com/assimp/assimp/issues/6613 https://github.com/user-attachments/files/27153727/poc.zip https://vuldb.com/cve/CVE-2026-10201 https://vuldb.com/submit/821182 https://vuldb.com/vuln/367481 https://vuldb.com/vuln/367481/cti