CVE-2026-14604

Summary

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.

Affected Software

VendorProductVersion RangeStatus
Open Asset Import LibraryAssimp6.0.0affected
Open Asset Import LibraryAssimp6.0.1affected
Open Asset Import LibraryAssimp6.0.2affected
Open Asset Import LibraryAssimp6.0.3affected
Open Asset Import LibraryAssimp6.0.4affected

Weaknesses

  • CWE-415: Double Free
  • CWE-119: Memory Corruption

References