CVE-2026-10197

Sažetak

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.

Reference

https://github.com/assimp/assimp/
https://github.com/assimp/assimp/issues/6608
https://github.com/assimp/assimp/pull/6645
https://github.com/user-attachments/files/27193894/poc.zip
https://vuldb.com/cve/CVE-2026-10197
https://vuldb.com/submit/821177
https://vuldb.com/vuln/367477
https://vuldb.com/vuln/367477/cti

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

31-05-2026 - 22:16

Objavljeno

31-05-2026 - 22:16