LOW
Assimp
CVE published 2026-05-31
CVE-2026-10199
A null pointer dereference vulnerability exists in the Open Asset Import Library (Assimp) through version 6.0.4, specifically within the `glTF2::LazyDict` function in `glTF2Asset.h`. The flaw arises from improper handling of the `operator[]` argument, which can be manipulated to trigger a null pointer dereference. The attack vector is local, requiring low privileges and no user interaction, with a demonst [truncated]