Bug 2483755 (CVE-2026-10197) - CVE-2026-10197 assimp: Assimp: Denial of Service via null pointer dereference in glTF2Importer
Summary: CVE-2026-10197 assimp: Assimp: Denial of Service via null pointer dereference...
Keywords:
Status: NEW
Alias: CVE-2026-10197
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2483971
Blocks:
Reported: 2026-06-01 15:28 UTC by Keith Grant
Modified: 2026-06-02 13:50 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Keith Grant 2026-06-01 15:28:19 UTC
A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.

