CVE-2026-10232
Use After Free in Assimp via ASE File Parser
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assimp | assimp | up to 6.0.4 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-use-after-free issue in the Assimp library, specifically in the ASE File Parser component. It occurs in the destructor function aiNode::~aiNode of the file scene.cpp. When parsing a malformed ASE file, an invalid node tree is created, causing a node to be freed prematurely. However, the destructor still tries to access the freed node's members, leading to use of memory that has already been deallocated.
The problem arises because of improper handling of node relationships during ASE file parsing, which causes recursive destruction of nodes to access invalid memory. This vulnerability can be triggered locally by providing a specially crafted ASE file.
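The explanation above describes an invalid node tree whose recursive destruction touches freed memory. The following is an added illustration, not Assimp code and not the project's fix: a consistency check that an importer could run on a node tree before handing it to a recursive destructor. The `Node` type and function names are hypothetical stand-ins, and the shared-child case is an assumed example of an "invalid tree", not the confirmed trigger for this CVE.

```cpp
// Added example: Node is a hypothetical stand-in with a parent/children layout.
// It is NOT Assimp's aiNode and does not reproduce the ASE parser.
#include <unordered_set>
#include <vector>

struct Node {
    Node *parent = nullptr;
    std::vector<Node *> children;   // owning pointers in a real scene tree
};

// Returns true only if every node reachable from root is reached exactly once
// and each child's parent pointer names the node that lists it.
bool tree_is_well_formed(const Node *root) {
    if (root == nullptr || root->parent != nullptr) return false;
    std::unordered_set<const Node *> seen;
    std::vector<const Node *> stack{root};
    while (!stack.empty()) {
        const Node *n = stack.back();
        stack.pop_back();
        if (!seen.insert(n).second) return false;        // shared child or cycle
        for (const Node *c : n->children) {
            if (c == nullptr || c->parent != n) return false;  // broken link
            stack.push_back(c);
        }
    }
    return true;
}

// Constructed sample: root -> {a, b}, a -> {leaf}. With share_leaf set, leaf is
// also listed under b, so an owner-deletes-children teardown would free it twice.
// Nodes live on the stack here, so the sample itself never frees anything.
bool sample_is_well_formed(bool share_leaf) {
    Node root, a, b, leaf;
    a.parent = &root;
    b.parent = &root;
    leaf.parent = &a;
    root.children = {&a, &b};
    a.children = {&leaf};
    if (share_leaf) b.children = {&leaf};
    return tree_is_well_formed(&root);
}
```

Rejecting the import when the check fails keeps a malformed tree from ever reaching the recursive teardown path.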
How can this vulnerability impact me?
Exploiting this vulnerability can lead to a program crash or potentially allow an attacker to execute arbitrary code or cause denial of service by manipulating memory. Since it is a use-after-free vulnerability, it may be leveraged to corrupt memory or escalate privileges if combined with other vulnerabilities.
However, the attack must be launched locally, and the overall severity is considered low to medium based on CVSS scores. The exploit requires a specially crafted ASE file to trigger the issue.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by triggering the heap-use-after-free condition during the destruction of aiNode objects when parsing malformed ASE files.
One practical detection method is to use AddressSanitizer to monitor for memory errors such as use-after-free during the execution of Assimp when it processes ASE files.
Additionally, the vulnerability can be triggered and tested by providing a specially crafted ASE file to the assimp_fuzzer tool, which is part of Assimp's fuzzing setup.
- Run Assimp with AddressSanitizer enabled to detect memory errors.
- Use the assimp_fuzzer tool with a crafted ASE file to reproduce the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the heap-use-after-free vulnerability in Assimp up to version 6.0.4, avoid processing untrusted or malformed ASE files locally, as the attack requires local execution.
Use fuzzing tools such as assimp_fuzzer to test ASE files before processing them in production environments to detect malformed inputs that could trigger the vulnerability.
Monitor the Assimp project repository or issue tracker for patches or updates addressing this issue and apply them as soon as they become available.