CVE-2026-14604
Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.
| CWE | CWE-415 CWE-119 |
| Vendor | open asset import library |
| Product | assimp |
| Published | Jul 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for open asset import library assimp
Be the first to know when new medium vulnerabilities affecting open asset import library assimp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Open Asset Import Library / Assimp
6.0.0 6.0.1 6.0.2 6.0.3 6.0.4
References
vuldb.com: https://vuldb.com/vuln/376112 vuldb.com: https://vuldb.com/vuln/376112/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14604 vuldb.com: https://vuldb.com/submit/844567 github.com: https://github.com/assimp/assimp/issues/6620 github.com: https://github.com/user-attachments/files/27232640/poc.zip
Credits
๐ TYGLS (VulDB User) VulDB CNA Team