CVE-2026-14604 PUBLISHED

Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free

Assigner: VulDB
Reserved: 03.07.2026 Published: 03.07.2026 Updated: 03.07.2026

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Product Status

Vendor Open Asset Import Library
Product Assimp
Versions
  • Version 6.0.0 is affected
  • Version 6.0.1 is affected
  • Version 6.0.2 is affected
  • Version 6.0.3 is affected
  • Version 6.0.4 is affected

Credits

  • TYGLS (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Double Free CWE
  • Memory Corruption CWE