PT-2026-45215 · Assimp · Assimp

Tygls

Published

2026-05-31

Updated

2026-06-01

CVE-2026-10198

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5

Description A null pointer dereference occurs in the glTFImporter component within the Assimp::glTFImporter::ImportMeshes() function of the glTFImporter.cpp file. This issue allows for local execution attacks.

Recommendations Update to a version later than 6.0.4. As a temporary workaround, restrict the use of the Assimp::glTFImporter::ImportMeshes() function.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

CVE-2026-10198

Affected Products

Assimp

PT-2026-45215 · Assimp · Assimp

CVE-2026-10198

Weakness Enumeration

Related Identifiers

Affected Products

References · 16