CVE-2026-14610
CVSS v4.0 severity:
LOW
Type:
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Publication date:
03/07/2026
Last modified:
03/07/2026
Description
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue.
Impact
Base score 4.0
1.90
Severity 4.0
LOW
Base score 3.x
5.30
Severity 3.x
MEDIUM
Base score 2.0
4.30
Severity 2.0
MEDIUM
References to solutions, tools and information
- https://github.com/assimp/assimp/commit/eb84eec580d3f4ba2f0fd87409b7d0744620f11e
- https://github.com/assimp/assimp/issues/6622
- https://github.com/assimp/assimp/pull/6649
- https://github.com/user-attachments/files/27235863/poc.zip
- https://vuldb.com/cve/CVE-2026-14610
- https://vuldb.com/submit/844646
- https://vuldb.com/vuln/376118
- https://vuldb.com/vuln/376118/cti



