{"schema_version":"1.7.2","id":"OESA-2026-2560","modified":"2026-06-05T15:48:39Z","published":"2026-06-05T15:48:39Z","upstream":["CVE-2026-10197","CVE-2026-10199"],"summary":"assimp security update","details":"Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose.\r\n\r\nSecurity Fix(es):\n\nA vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance.(CVE-2026-10197)\n\nA vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue.(CVE-2026-10199)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"assimp","purl":"pkg:rpm/openEuler/assimp&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.1-19.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["assimp-5.3.1-19.oe2403sp3.aarch64.rpm","assimp-debuginfo-5.3.1-19.oe2403sp3.aarch64.rpm","assimp-debugsource-5.3.1-19.oe2403sp3.aarch64.rpm","assimp-devel-5.3.1-19.oe2403sp3.aarch64.rpm"],"noarch":["assimp-help-5.3.1-19.oe2403sp3.noarch.rpm","python3-assimp-5.3.1-19.oe2403sp3.noarch.rpm"],"src":["assimp-5.3.1-19.oe2403sp3.src.rpm"],"x86_64":["assimp-5.3.1-19.oe2403sp3.x86_64.rpm","assimp-debuginfo-5.3.1-19.oe2403sp3.x86_64.rpm","assimp-debugsource-5.3.1-19.oe2403sp3.x86_64.rpm","assimp-devel-5.3.1-19.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2560"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-10197"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-10199"}],"database_specific":{"severity":"Low"}}