2486783 – (CVE-2026-10232) CVE-2026-10232 assimp: Assimp: Use-after-free vulnerability allows local impact

Bug 2486783 (CVE-2026-10232) - CVE-2026-10232 assimp: Assimp: Use-after-free vulnerability allows local impact

Summary: CVE-2026-10232 assimp: Assimp: Use-after-free vulnerability allows local impact

Keywords:
Status:	NEW
Alias:	CVE-2026-10232
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2487523
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-09 08:57 UTC by OSIDB Bzimport
Modified:	2026-06-10 13:30 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-09 08:57:15 UTC

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.

Note You need to log in before you can comment on or make changes to this bug.