OESA-2026-2647 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

OESA-2026-2646 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

PT-2026-48834

openSUSE released security advisories for CVE-2026-0183 in RoundcubeMail and CVE-2025-3548 in Assimp, addressing XSS/SQL injection and denial-of-service flaws in SLE-15-SP6 and SP7 backports, Linuxsecurity reported. https://t.co/mZCkbHBQjS...

Security update for assimp (moderate)

openSUSE Security Update: Security update for assimp Announcement ID: openSUSE-SU-2026:0045-1 Rating: moderate References: 1241367 Cross-References: CVE-2025-3548 CVSS scores: CVE-2025-3548 SUSE: 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: openSUSE Backports SLE-15-SP6 An...

CVE-2026-10229

A flaw was found in Assimp, a library used for importing and exporting various 3D model formats. This vulnerability, a heap-based buffer overflow, exists within the HL1MDLLoader::readmeshes function of the Half-Life 1 MDL Loader component. A local attacker could exploit this by providing speciall...

CVE-2026-10233

A flaw was found in Assimp, within its Half-Life 1 MDL Loader component. A local attacker could exploit an out-of-bounds read vulnerability by manipulating specific input. This could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either not available or t...

CVE-2026-10232

A flaw was found in Assimp. This vulnerability, a use-after-free, exists in the aiNode::aiNode function within the ASE File Parser component. A local attacker could exploit this by manipulating specific data, potentially leading to information disclosure, data corruption, or a denial of service...

CVE-2026-10231

A flaw was found in Assimp, a library for importing various 3D model formats. A local attacker could exploit a heap-based buffer overflow vulnerability in the Half-Life 1 MDL Loader component. By manipulating a specific argument, an attacker could cause the application to crash, leading to a deni...

Medium: qt5-qt3d

Issue Overview: Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy without runtime length...

Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2026-3335 (ALAS-2026-3335)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3335 advisory. Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in...

assimp-devel-6.0.5-3.1 on GA media (moderate)

assimp-devel-6.0.5-3.1 on GA media Announcement ID: openSUSE-SU-2026:10946-1 Rating: moderate Cross-References: CVE-2025-11277 CVE-2026-10197 CVE-2026-10199 CVSS scores: CVE-2025-11277 SUSE : 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2025-11277 SUSE : 1.9...

OESA-2026-2560 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

OESA-2026-2558 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability, which was classifie...

OPENSUSE-SU-2026:10946-1 assimp-devel-6.0.5-3.1 on GA media

These are all security issues fixed in the assimp-devel-6.0.5-3.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-10197

A flaw was found in Assimp. A local user with access to the system could exploit a null pointer dereference vulnerability in the glTF2Importer::ImportEmbeddedTextures function. This flaw could lead to a Denial of Service DoS, making the application unavailable. Mitigation Users should avoid...

CVE-2026-10199

A flaw was found in Assimp. A local attacker could trigger a null pointer dereference by manipulating an argument in the glTF2::LazyDict function. This vulnerability, located in the glTF2Asset.h library, could lead to an application crash, resulting in a denial of service DoS. Mitigation Mitigati...

CVE-2026-10198

A flaw was found in Assimp, specifically within the glTFImporter component. A local attacker could exploit a null pointer dereference vulnerability in the Assimp::glTFImporter::ImportMeshes function. This could lead to a denial of service DoS by causing the application to crash. Mitigation...

Updated assimp packages fix security vulnerabilities

CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to...

MGASA-2026-0170 Updated assimp packages fix security vulnerabilities

CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to...

SUSE CVE-2026-10197

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...