CVE-2025-70067
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A buffer overflow vulnerability was found in the Assimp library up to version 6.0.2 in the FBX Importer. The issue occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation.
Risk Assessment
An attacker can exploit this vulnerability to execute arbitrary code remotely or cause a denial of service in applications using the Assimp library to process FBX files, posing a serious risk to system integrity and availability.
Recommendation
Immediately update the Assimp library to version 6.0.3 or later, which includes a fix for this vulnerability. If an update is not possible, avoid processing untrusted FBX files.
Original NVD description (English source)
Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

