An update for assimp is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2560 Final 1.0 1.0 2026-06-05 Initial 2026-06-05 2026-06-05 openEuler SA Tool V1.0 2026-06-05 assimp security update An update for assimp is now available for openEuler-24.03-LTS-SP3 Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fix(es): A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.(CVE-2026-10197) A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue.(CVE-2026-10199) An update for assimp is now available for master/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low assimp https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2560 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-10197 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-10199 https://nvd.nist.gov/vuln/detail/CVE-2026-10197 https://nvd.nist.gov/vuln/detail/CVE-2026-10199 openEuler-24.03-LTS-SP3 assimp-5.3.1-19.oe2403sp3.aarch64.rpm assimp-debuginfo-5.3.1-19.oe2403sp3.aarch64.rpm assimp-debugsource-5.3.1-19.oe2403sp3.aarch64.rpm assimp-devel-5.3.1-19.oe2403sp3.aarch64.rpm assimp-5.3.1-19.oe2403sp3.src.rpm assimp-5.3.1-19.oe2403sp3.x86_64.rpm assimp-debuginfo-5.3.1-19.oe2403sp3.x86_64.rpm assimp-debugsource-5.3.1-19.oe2403sp3.x86_64.rpm assimp-devel-5.3.1-19.oe2403sp3.x86_64.rpm assimp-help-5.3.1-19.oe2403sp3.noarch.rpm python3-assimp-5.3.1-19.oe2403sp3.noarch.rpm A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance. 2026-06-05 CVE-2026-10197 openEuler-24.03-LTS-SP3 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L assimp security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2560 A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue. 2026-06-05 CVE-2026-10199 openEuler-24.03-LTS-SP3 Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L assimp security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2560