CVE Catalog

CVE-2025-70067

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

A buffer overflow vulnerability was found in the Assimp library up to version 6.0.2 in the FBX Importer. The issue occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation.

Risk Assessment

An attacker can exploit this vulnerability to execute arbitrary code remotely or cause a denial of service in applications using the Assimp library to process FBX files, posing a serious risk to system integrity and availability.

Recommendation

Immediately update the Assimp library to version 6.0.3 or later, which includes a fix for this vulnerability. If an update is not possible, avoid processing untrusted FBX files.

Original NVD description (English source)

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

Vulnerability data from NVD (NIST) · CISA KEV · EPSS