CVE-2026-10197 | Assimp up to 6.0.4 TF File glTF2Importer.cpp ImportEmbeddedTextures null pointer dereference (Issue 6608)

A vulnerability was found in Assimp up to 6.0.4 and classified as problematic. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference.

This vulnerability is identified as CVE-2026-10197. The attack is only possible with local access. Additionally, an exploit exists.

It is advisable to implement a patch to correct this issue.

The pull request to fix this issue awaits acceptance.

CVE-2026-10197 | Assimp up to 6.0.4 TF File glTF2Importer.cpp ImportEmbeddedTextures null pointer dereference (Issue 6608)

Post correlati

CVE-2023-38729 | IBM DB2/DB2 Connect 10.5/11.1/11.5 IMPORT information disclosure (XFDB-262259)

CVE-2024-49756 | AshPostgres up to 2.4.9 file access (GHSA-hf59-7rwq-785m)

CVE-2025-48311 | OffClicks Invisible Optin Plugin up to 1.0 on WordPress cross-site request forgery

CVE-2024-7375 | SourceCodester Simple Realtime Quiz System 1.0 /my_quiz_result.php quiz sql injection