CVE-2026-14604
MEDIUM
6.3
CVSS 3.1
Description
A vulnerability was found in Open Asset Import Library Assimp up to 6.0.4. It affects the function Assimp::Exporter::ExportToBlob in the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. Manipulation leads to a double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used. The project was informed of the problem early through an issue report.
Metadata
Severity & Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Open Asset Import Library | Assimp | — | 6.0.0, 6.0.1, 6.0.2, 6.0.3 … |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 6.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-376112 | Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free https://vuldb.com/vuln/376112
- VDB-376112 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/376112/cti
- CVE-2026-14604 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-14604
- Submit #844567 | Assimp commit 17c12da Double Free https://vuldb.com/submit/844567
- https://github.com/assimp/assimp/issues/6620
- https://github.com/user-attachments/files/27232640/poc.zip