CVE-2026-10198
LOW
1,9
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW
3,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low
LOW
1,7
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug.
404
Improper Resource Shutdown or Release
DraftCommon Consequences
Security Scopes Affected:
Availability
Other
Confidentiality
Potential Impacts:
Dos: Resource Consumption (Other)
Varies By Context
Read Application Data
Applicable Platforms
All platforms may be affected
476
NULL Pointer Dereference
StableCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Read Memory
Modify Memory
Applicable Platforms
Languages:
C, C++, Java, C#, Go
https://github.com/assimp/assimp/
https://github.com/assimp/assimp/issues/6609
https://github.com/user-attachments/files/27193865/poc.zip
https://vuldb.com/cve/CVE-2026-10198
https://vuldb.com/submit/821178
https://vuldb.com/vuln/367478
https://vuldb.com/vuln/367478/cti