CVE-2026-10199
Status: Deferred - Pending Action
Null Pointer Dereference in Assimp glTF2Asset

Publication date: 2026-05-31

Last updated on: 2026-05-31

Assigner: VulDB

Description
A vulnerability has been found in Assimp up to version 6.0.4. The affected code is the function glTF2::LazyDict in the library header glTF2Asset.h. Manipulation of the argument operator[] leads to a null pointer dereference. The attack must be carried out locally. An exploit has been disclosed publicly and may be used. The fix is identified by commit d24b85319bd70c65883a2b96613e07e23fb95981; applying it is the recommended remediation.
Meta Information
Published: 2026-05-31
Last Modified: 2026-05-31
Generated: 2026-06-21
AI Q&A: 2026-06-01
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Vendor: assimp
Product: assimp
Version / Range: up to 6.0.4 (inclusive)
CWE
CWE-404: The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476: The product dereferences a pointer that it expects to be valid but is NULL.
AI Quick Actions
Executive Summary

This vulnerability exists in the Assimp library up to version 6.0.4, specifically in the function glTF2::LazyDict in the glTF2Asset.h header. Manipulation of the argument operator[] leads to a null pointer dereference: when the function accesses or manipulates data through a pointer that is null, the program crashes or behaves unexpectedly.

The attack exploiting this vulnerability must be carried out locally, meaning an attacker needs local access to the system to trigger the issue. The vulnerability has been publicly disclosed, and a patch is available to fix it.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The primary impact of this vulnerability is a potential denial of service caused by a null pointer dereference, which can crash the application using the Assimp library. Since the attack requires local access, remote exploitation is not possible.

The vulnerability does not affect confidentiality or integrity, but it can affect availability by causing the affected software to stop functioning properly.

Mitigation Strategies

The best immediate step to mitigate this vulnerability is to apply the fix in commit d24b85319bd70c65883a2b96613e07e23fb95981. Applications that bundle or statically link Assimp need to be rebuilt against the fixed library.

Since the attack must be carried out locally, limiting local access to trusted users and systems can also help reduce risk.

Detection Guidance

This vulnerability manifests as a null pointer dereference causing a crash or segmentation fault when the Assimp library processes malformed glTF 2.0 files with invalid animation node references.

Detection can be performed by testing the Assimp glTF2 importer with specially crafted malformed glTF files that trigger the null pointer dereference. Using fuzzing tools or the provided proof-of-concept files can help identify if your system is vulnerable.

There are no specific network commands to detect this vulnerability since the attack must be carried out locally by processing malicious files.

Suggested approach to detect the vulnerability on your system:

  • Obtain or create a malformed glTF 2.0 file that triggers the crash (e.g., the proof-of-concept file referenced in Resource 2).
  • Run the Assimp tool, or an application that uses Assimp, to import the glTF file and observe whether it crashes or reports a segmentation fault.
  • Example command to test with the Assimp command line tool (assuming the 'assimp' CLI is installed): assimp info malformed_file.gltf

If the application crashes, or logs errors related to a null pointer dereference during import, the vulnerable code path is present.

To automate detection, fuzzing tools targeting the glTF2 importer can be used to identify crashes caused by malformed animation data.
