CVE-2026-14610

Summary

A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue.

Affected Software

VendorProductVersion RangeStatus
Open Asset Import LibraryAssimp6.0.0affected
Open Asset Import LibraryAssimp6.0.1affected
Open Asset Import LibraryAssimp6.0.2affected
Open Asset Import LibraryAssimp6.0.3affected
Open Asset Import LibraryAssimp6.0.4affected
Open Asset Import LibraryAssimp6.0.5affected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow
  • CWE-119: Memory Corruption

References