{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10201", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-31T06:13:45.576Z", "datePublished": "2026-05-31T23:00:12.775Z", "dateUpdated": "2026-06-02T14:56:38.513Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-31T23:00:12.775Z"}, "title": "Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-369", "lang": "en", "description": "Divide By Zero"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Assimp", "versions": [{"version": "6.0.0", "status": "affected"}, {"version": "6.0.1", "status": "affected"}, {"version": "6.0.2", "status": "affected"}, {"version": "6.0.3", "status": "affected"}, {"version": "6.0.4", "status": "affected"}], "cpes": ["cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"], "modules": ["UV Channel Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-31T08:19:00.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "TYGLS (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/367481", "name": "VDB-367481 | Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/367481/cti", "name": "VDB-367481 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10201", "name": "CVE-2026-10201 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/821182", "name": "Submit #821182 | Assimp commit 17c12da Divide By Zero", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6613", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/27153727/poc.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-02T14:56:28.448856Z", "id": "CVE-2026-10201", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:56:38.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero", "credits": [{"lang": "en", "type": "reporter", "value": "TYGLS (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["UV Channel Handler"], "product": "Assimp", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.0.3"}, {"status": "affected", "version": "6.0.4"}]}], "timeline": [{"lang": "en", "time": "2026-05-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-31T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-31T08:19:00.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/367481", "name": "VDB-367481 | Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/367481/cti", "name": "VDB-367481 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10201", "name": "CVE-2026-10201 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/821182", "name": "Submit #821182 | Assimp commit 17c12da Divide By Zero", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6613", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/27153727/poc.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-369", "description": "Divide By Zero"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-31T23:00:12.775Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10201", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-02T14:56:28.448856Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-06-02T14:56:34.728Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-10201", "state": "PUBLISHED", "dateUpdated": "2026-05-31T23:00:12.775Z", "dateReserved": "2026-05-31T06:13:45.576Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-31T23:00:12.775Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug."}], "id": "CVE-2026-10201", "lastModified": "2026-06-01T15:15:37.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-01T00:16:41.927", "references": [{"source": "[email protected]", "url": "https://github.com/assimp/assimp/"}, {"source": "[email protected]", "url": "https://github.com/assimp/assimp/issues/6613"}, {"source": "[email protected]", "url": "https://github.com/user-attachments/files/27153727/poc.zip"}, {"source": "[email protected]", "url": "https://vuldb.com/cve/CVE-2026-10201"}, {"source": "[email protected]", "url": "https://vuldb.com/submit/821182"}, {"source": "[email protected]", "url": "https://vuldb.com/vuln/367481"}, {"source": "[email protected]", "url": "https://vuldb.com/vuln/367481/cti"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}, {"lang": "en", "value": "CWE-404"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Assimp: Denial of Service via divide-by-zero in FBXExporter", "id": "2483758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483758"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-369", "details": ["A flaw was found in Assimp. A local user can perform a manipulation within the FBXExporter::WriteObjects function, leading to a divide-by-zero error. This vulnerability can cause a Denial of Service (DoS), making the application unavailable."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-10201", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "qt6-qtquick3d", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-31T23:00:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-10201\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-10201\nhttps://github.com/assimp/assimp/\nhttps://github.com/assimp/assimp/issues/6613\nhttps://github.com/user-attachments/files/27153727/poc.zip\nhttps://vuldb.com/cve/CVE-2026-10201\nhttps://vuldb.com/submit/821182\nhttps://vuldb.com/vuln/367481\nhttps://vuldb.com/vuln/367481/cti"], "statement": "Moderate: A local denial of service flaw was found in Assimp's FBX exporter. This issue allows a local attacker to trigger a divide-by-zero error by manipulating the FBX export process, leading to application unavailability. Exploitation requires an application to utilize the vulnerable FBX export functionality.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Assimp", "source": "cna", "vendor": "n/a"}, "product": "assimp", "vendor": "assimp"}], "created": "2026-06-01T00:30:15.494265+00:00", "updated": "2026-06-01T00:30:15.741704+00:00", "vendors": ["assimp", "assimp$PRODUCT$assimp"]}