CVE-2026-10197
Null Pointer Dereference in Assimp TF File Handler
Publication date: 2026-05-31
Last updated on: 2026-05-31
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assimp | assimp | up to and including 6.0.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Assimp library up to version 6.0.4, specifically in the function `glTF2Importer::ImportEmbeddedTextures` within the TF File Handler component. It causes a null pointer dereference: the program attempts to read or write memory through a pointer that it expects to be valid but that is NULL.
The vulnerability can only be exploited by an attacker with local access to the system. The exploit code is publicly available, making it easier for attackers to use this vulnerability. A patch has been developed but is awaiting acceptance.
How can this vulnerability impact me?
The impact of this vulnerability is limited due to its low severity score and the requirement for local access to exploit it.
Successful exploitation results in a null pointer dereference, which typically causes the affected application to crash or behave unexpectedly. This can lead to denial of service but does not directly compromise data confidentiality or integrity.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is exploitable only with local access and results in a null pointer dereference in the Assimp library up to version 6.0.4.
Apply the patch that corrects this issue as soon as it becomes available.