CVE-2026-10201
Divide by Zero in Assimp UV Channel Handler
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assimp | assimp | to 6.0.4 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-369 | The product divides a value by zero. |
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the Assimp library's FBXExporter::WriteObjects() function, specifically in the handling of UV channels. When processing UV channels that have zero components, the code performs a division by the number of UV components without checking if this number is zero. This leads to a divide-by-zero error causing a floating-point exception crash.
The issue occurs because the function divides by 'nc' (the number of UV components) without validating that 'nc' is non-zero. If a UV channel exists but has zero components, this triggers the vulnerability.
The vulnerability was discovered through fuzzing and can be triggered by processing specially crafted malformed input files.
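The unchecked division by 'nc' described above, next to a validated form, as an added example: this is a simplified model written for this page, not Assimp's code or its patch. `UvChannel` and every function name in it are hypothetical, and only the name `nc` comes from the description.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Constructed stand-in for one UV channel; not an Assimp type.
struct UvChannel {
    unsigned int nc;           // number of UV components, named as on the page
    std::vector<double> flat;  // flattened component values
};

// Unchecked pattern: with nc == 0 this integer division is undefined
// behaviour; on x86 Linux the process is killed by SIGFPE, which the shell
// reports as "Floating point exception". Shown for comparison, never called.
std::size_t uv_count_unchecked(const UvChannel& ch) {
    return ch.flat.size() / ch.nc;
}

// Hardened pattern: validate nc before dividing. The whole-tuple check is an
// extra defensive assumption of this example, not something the page states.
bool uv_count_checked(const UvChannel& ch, std::size_t& count) {
    if (ch.nc == 0) return false;                   // the missing validation
    if (ch.flat.size() % ch.nc != 0) return false;  // truncated data
    count = ch.flat.size() / ch.nc;
    return true;
}

// Exporter-style loop: skip invalid channels instead of crashing on them.
std::vector<std::size_t> exportable_uv_counts(const std::vector<UvChannel>& chans) {
    std::vector<std::size_t> counts;
    for (const UvChannel& ch : chans) {
        std::size_t n = 0;
        if (uv_count_checked(ch, n)) counts.push_back(n);
    }
    return counts;
}

int main() {
    // Constructed input: a valid 2-component channel and a zero-component one.
    std::vector<UvChannel> chans = {{2, {0.0, 0.0, 1.0, 1.0}}, {0, {}}};
    std::printf("exportable channels: %zu\n", exportable_uv_counts(chans).size());
    return 0;
}
```

The "floating-point exception" in the crash report is the signal name for SIGFPE; the faulting operation here is an integer division.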
How can this vulnerability impact me?
This vulnerability can cause the affected program to crash due to a floating-point exception triggered by a divide-by-zero error.
An attacker could exploit this by providing a specially crafted file that triggers the vulnerability, leading to a denial-of-service condition where the program terminates unexpectedly.
There is also a potential risk that, under certain conditions, arbitrary code execution could be possible if an attacker tricks a user into processing a malicious file, although the primary impact is denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the Assimp library's handling of FBX files with malformed UV channel data that have zero components. Specifically, fuzzing or processing specially crafted FBX files that trigger a division by zero in the FBXExporter::WriteObjects function can reveal the issue.
There are no direct network detection commands since the attack must be launched locally by processing a crafted file.
To detect the vulnerability on your system, you can attempt to process a known proof-of-concept malformed FBX file that triggers the floating-point exception crash.
- Run the vulnerable Assimp version with a crafted FBX file and observe if it crashes with a floating-point exception.
- Use fuzzing tools targeting the FBXImporter/Exporter components to identify crashes related to division by zero.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch provided by the Assimp project that adds validation to ensure the number of UV components ('nc') is non-zero before performing division.
Until the patch is applied, avoid processing untrusted or malformed FBX files that could trigger the vulnerability.
Since the attack requires local execution, restrict access to systems running vulnerable versions of Assimp and monitor for abnormal crashes.