DEBIAN-CVE-2026-10198

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-10198

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10198.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-10198

Upstream

CVE-2026-10198

Published

2026-05-31T23:16:41.760Z

Modified

2026-06-17T18:00:12.184395858Z

Severity

1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been published and may be used. The project tagged the reported issue as bug.

References

https://security-tracker.debian.org/tracker/CVE-2026-10198

Affected packages

Debian:11 / assimp

Package

Name: assimp
Purl: pkg:deb/debian/assimp?arch=source&distro=bullseye

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.1~ds0-2

5.0.1~ds0-3

5.0.1~ds0-4

5.1.1~ds0-1

5.1.1~ds0-2

5.1.3~ds0-1

5.1.4~ds0-1

5.1.5~ds0-1

5.1.6~ds0-1

5.2.0~ds0-1

5.2.0~ds0-2

5.2.1~ds0-1

5.2.2~ds0-1~bpo11+1

5.2.2~ds0-1

5.2.4~ds0-1~bpo11+1

5.2.4~ds0-1

5.2.4~ds0-1.1

5.2.4~ds0-3~bpo11+1

5.2.4~ds0-3

5.2.5~ds0-1~bpo11+1

5.2.5~ds0-1

5.2.5~ds0-1.1

5.3.1+ds-1

5.3.1+ds-2

5.4.0+ds-1

5.4.1+ds-1

5.4.2+ds-1

5.4.3+ds-2

5.4.3+ds-3

6.*

6.0.2+ds-1

6.0.3+ds-1

6.0.4+ds-1

6.0.4+ds-3

6.0.5+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10198.json"

Debian:12 / assimp

Package

Name: assimp
Purl: pkg:deb/debian/assimp?arch=source&distro=bookworm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.5~ds0-1

5.2.5~ds0-1.1

5.3.1+ds-1

5.3.1+ds-2

5.4.0+ds-1

5.4.1+ds-1

5.4.2+ds-1

5.4.3+ds-2

5.4.3+ds-3

6.*

6.0.2+ds-1

6.0.3+ds-1

6.0.4+ds-1

6.0.4+ds-3

6.0.5+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10198.json"

Debian:13 / assimp

Package

Name: assimp
Purl: pkg:deb/debian/assimp?arch=source&distro=trixie

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.3+ds-2

5.4.3+ds-3

6.*

6.0.2+ds-1

6.0.3+ds-1

6.0.4+ds-1

6.0.4+ds-3

6.0.5+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10198.json"

Debian:14 / assimp

Package

Name: assimp
Purl: pkg:deb/debian/assimp?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.3+ds-2

5.4.3+ds-3

6.*

6.0.2+ds-1

6.0.3+ds-1

6.0.4+ds-1

6.0.4+ds-3

6.0.5+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-10198.json"