← back
CVE-2026-10200

Assimp 4x4 Matrix glTFCommon.h CopyValue heap-based overflow

CVSS 4.8 MEDIUMEPSS 0.1%CWE-119CWE-122
A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as bug.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
n/a · Assimp
public PoCs found1
cve_referencegithub.com/user-attachments/files/27194256/poc.zipunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/assimp/assimp/https://github.com/assimp/assimp/issues/6612https://github.com/user-attachments/files/27194256/poc.ziphttps://vuldb.com/cve/CVE-2026-10200https://vuldb.com/submit/821180https://vuldb.com/vuln/367480https://vuldb.com/vuln/367480/cti