CVE-2026-10197 – Assimp TF File glTF2Importer.cpp ImportEmbeddedTextures null pointer dereference

CVE ID :CVE-2026-10197

Published : May 31, 2026, 10:16 p.m. | 15 minutes ago

Description :A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-48210 – Possible information disclosure via External Interface

CVE-2026-8796 – Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input

CVE-2026-10194 – OFFIS DCMTK dcmqrscp dcmqrdbi.cc deleteOldestImages heap-based overflow

CVE-2026-10191 – Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow