CVE-2026-10200

5.3 MEDIUM
Published: May 31, 2026 Modified: June 01, 2026

Description

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in a heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The project tagged the reported issue as a bug.

AI Explanation

### 1. Plain-Language Summary

This vulnerability allows an attacker to crash an application or execute malicious code by tricking it into processing a specially crafted glTF 3D file. The flaw occurs in Assimp's matrix-handling code during file parsing, causing memory corruption.

### 2. Who Is Affected

- **Product**: Assimp (Open Asset Import Library)
- **Affected Versions**: All versions up to and including **6.0.4**
- **Specific Component**: The `glTFCommon::CopyValue` function in `glTFCommon.h` (part of the 4x4 Matrix Parser for glTF files).
- **Note**: Applications using Assimp to load/process untrusted glTF files are vulnerable (e.g., 3D modeling tools, game engines).

### 3. Attacker Impact

- **Immediate Effect**: Crash the application via heap buffer overflow (denial-of-service).
- **Potential Escalation**: Execute arbitrary code on the victim's system (if the attacker can control heap memory manipulation).
- **Attack Vector**: Requires the attacker to **deliver a malicious glTF file locally** (e.g., via email, download, or USB). The exploit is public, increasing risk.

### 4. Recommended Remediation Steps

1. **Upgrade Assimp**: Update to a patched version beyond **

Generated: 2026-06-01 01:02

CVSS v3.x Details

Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Reference tags: Patch, Vendor Advisory, Exploit, Third Party Advisory

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.1%
2nd percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)