CVE-2026-10198

A flaw was found in Assimp, specifically within the glTFImporter component. A local attacker could exploit a null pointer dereference vulnerability in the Assimp::glTFImporter::ImportMeshes function. This could lead to a denial of service DoS by causing the application to crash. Mitigation...

SUSE CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

SUSE CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

SUSE CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

Linux Distros Unpatched Vulnerability : CVE-2026-10198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of t...

EUVD-2026-33520

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

UBUNTU-CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

CVE-2026-10200

Assimp up to 6.0.4 contains a heap-based buffer overflow in glTFCommon::CopyValue (glTFCommon.h) within the 4x4 Matrix Parser. The vulnerability is triggered by a local-position manipulation and affects the affected library/component. The exploit has been made public, with a proof-of-concept publ...

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

CVE-2026-10197

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...

Assimp 代码问题漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained code vulnerabilities. These vulnerabilities originated from a function in the glTFImporter component, specifically the function...

PT-2026-45217

Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5 Description A heap-based buffer overflow occurs in the 4x4 Matrix Parser component within the glTFCommon.h library. The issue is located in the glTFCommon::CopyValue function. A local attacker can trigger this...

CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

EUVD-2026-14448

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVE-2026-32845 jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

PT-2026-27144

Name of the Vulnerable Software and Affected Versions cgltf versions prior to 1.15 Description cgltf versions prior to 1.15 contain an integer overflow issue in the cgltf validate function when validating sparse accessors. This allows attackers to trigger out-of-bounds reads by providing speciall...

Advisory ROSA-SA-2026-3211

software: vtk 9.0.1 OS: ROSA-CHROME unaffected versions = vtk-9.0.1.1-6 affected versions vtk-9.0.1.1-6 CVE-ID: CVE-2025-57106 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Buffer overflow in Kitware VTK before 9.5.0 in the vtkGLTFDocumentLoader component. The vulnerability occurs in the...