CVE-2026-10197 – Assimp TF File glTF2Importer.cpp ImportEmbeddedTextures null pointer dereference

CVE ID :CVE-2026-10197

Published : May 31, 2026, 10:16 p.m. | 15 minutes ago

Description :A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-10204 – OFCMS JSON Query SysUserController.java query sql injection

CVE-2026-10203 – OFCMS JSON Query SystemParamController.java query sql injection

CVE-2026-10202 – OFCMS JSON Query SystemDictController.java query sql injection

CVE-2026-10201 – Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero