CVE-2026-14604

medium

Description

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.

References

https://vuldb.com/vuln/376112/cti

https://vuldb.com/vuln/376112

https://vuldb.com/submit/844567

https://vuldb.com/cve/CVE-2026-14604

https://github.com/user-attachments/files/27232640/poc.zip

https://github.com/assimp/assimp/issues/6620

Details

Source: Mitre, NVD

Published: 2026-07-03

Updated: 2026-07-03

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium