CVE-2026-14604
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Open Asset Import Library | Assimp | 6.0.0 | affected |
| Open Asset Import Library | Assimp | 6.0.1 | affected |
| Open Asset Import Library | Assimp | 6.0.2 | affected |
| Open Asset Import Library | Assimp | 6.0.3 | affected |
| Open Asset Import Library | Assimp | 6.0.4 | affected |
Weaknesses
- CWE-415: Double Free
- CWE-119: Memory Corruption
References
- https://vuldb.com/vuln/376112
- https://vuldb.com/vuln/376112/cti
- https://vuldb.com/cve/CVE-2026-14604
- https://vuldb.com/submit/844567
- https://github.com/assimp/assimp/issues/6620
- https://github.com/user-attachments/files/27232640/poc.zip
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.