PT-2026-45216 · Assimp · Assimp

Tygls

Published

2026-05-31

Updated

2026-06-05

CVE-2026-10199

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5

Description A null pointer dereference occurs in the glTF2::LazyDict function within the glTF2Asset.h library. This issue is triggered by the manipulation of the operator[] argument and requires local access to be exploited.

Recommendations Apply patch d24b85319bd70c65883a2b96613e07e23fb95981 to resolve the issue.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

CVE-2026-10199

OESA-2026-2560

OPENSUSE-SU-2026:10946-1

Affected Products

Assimp

PT-2026-45216 · Assimp · Assimp

CVE-2026-10199

Weakness Enumeration

Related Identifiers

Affected Products

References · 25