CVE-2026-14604

Source
https://cve.org/CVERecord?id=CVE-2026-14604
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14604.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-14604
Downstream
Published
2026-07-03T18:30:08.783Z
Modified
2026-07-08T07:14:55.863783546Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Open Asset Import Library Assimp PLY Model PlyLoader.cpp ExportToBlob double free
Details

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14604.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119",
        "CWE-415"
    ]
}
References

Affected packages

Git / github.com/assimp/assimp

Affected ranges

Type
GIT
Repo
https://github.com/assimp/assimp
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "6.0.1"
        },
        {
            "last_affected": "6.0.1"
        },
        {
            "introduced": "6.0.2"
        },
        {
            "last_affected": "6.0.2"
        },
        {
            "introduced": "6.0.3"
        },
        {
            "last_affected": "6.0.3"
        },
        {
            "introduced": "6.0.4"
        },
        {
            "last_affected": "6.0.4"
        }
    ]
}

Affected versions

6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14604.json"