๐Ÿ” CVE Alert

CVE-2026-14604

MEDIUM 6.3

Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.

CWE CWE-415 CWE-119
Vendor open asset import library
Product assimp
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for open asset import library assimp

Be the first to know when new medium vulnerabilities affecting open asset import library assimp are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Open Asset Import Library / Assimp
6.0.0 6.0.1 6.0.2 6.0.3 6.0.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376112 vuldb.com: https://vuldb.com/vuln/376112/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14604 vuldb.com: https://vuldb.com/submit/844567 github.com: https://github.com/assimp/assimp/issues/6620 github.com: https://github.com/user-attachments/files/27232640/poc.zip

Credits

๐Ÿ” TYGLS (VulDB User) VulDB CNA Team