CVE-2026-10197
3.3 LOW
A vulnerability was detected in Assimp up to 6.0.4
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS: 3.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-404, CWE-476
Description
A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10197
- [Other] https://github.com/assimp/assimp/
- [Other] https://github.com/assimp/assimp/issues/6608
- [Other] https://github.com/assimp/assimp/pull/6645
- [Other] https://github.com/user-attachments/files/27193894/poc.zip
- [Other] https://vuldb.com/cve/CVE-2026-10197
- [Other] https://vuldb.com/submit/821177
- [Other] https://vuldb.com/vuln/367477
- [Other] https://vuldb.com/vuln/367477/cti
Related CVEs
Same CWE
- CVE-2026-53463 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.3 MEDIUM)
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-24716 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-22899 — A NULL pointer dereference vulnerability has been reported to affect File Station 6
- CVE-2025-66281 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions