Copyright © 2012 Red Hat, Inc. All rights reserved.
Moderate
2026-06-01T06:30:10
assimp: Assimp: Use-after-free vulnerability allows local impact
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-825
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
A flaw was found in Assimp. This vulnerability, a use-after-free, exists in the aiNode::~aiNode function within the ASE File Parser component. A local attacker could exploit this by manipulating specific data, potentially leading to information disclosure, data corruption, or a denial of service (DoS).
This Moderate impact use-after-free flaw in Assimp's ASE File Parser component allows a local attacker to cause information disclosure, data corruption, or a denial of service. Exploitation requires the attacker to have local access and manipulate specific 3D model data, limiting the attack vector to scenarios where untrusted files are processed.
To reduce exposure, avoid processing untrusted 3D model files, especially those in the ASE format, with applications that use the Assimp library. If processing untrusted input is unavoidable, consider sandboxing the affected applications to limit potential impact. This operational control may affect functionality if applications depend on processing untrusted ASE files.
Red Hat Enterprise Linux 10
Fix deferred
qt6-qtquick3d
Red Hat Enterprise Linux 9
Fix deferred
qt5-qt3d
https://www.cve.org/CVERecord?id=CVE-2026-10232
https://nvd.nist.gov/vuln/detail/CVE-2026-10232
https://github.com/assimp/assimp/
https://github.com/assimp/assimp/issues/6617
https://github.com/user-attachments/files/27200601/poc.zip
https://vuldb.com/cve/CVE-2026-10232
https://vuldb.com/submit/821192
https://vuldb.com/vuln/367511
https://vuldb.com/vuln/367511/cti