A vulnerability was determined in Assimp up to 6.0.4
A divide-by-zero vulnerability exists in the FBXExporter::WriteObjects function of the Assimp library, which can be triggered by manipulating UV channel handler data. This can cause a crash or unexpected behavior. The vulnerability can be exploited locally.
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug.
Developers using Assimp library versions up to 6.0.4 are at low risk of crashes or unexpected behavior via locally triggered exploits.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0
Affected Products
7
References
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability
Impact