UBUNTU-CVE-2026-10232
- Source
- https://ubuntu.com/security/CVE-2026-10232
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-10232.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-10232
- Upstream
- Published
- 2026-06-01T08:16:00Z
- Modified
- 2026-06-03T11:20:11Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
- References
-
- https://ubuntu.com/security/CVE-2026-10232
- https://www.cve.org/CVERecord?id=CVE-2026-10232
- https://github.com/assimp/assimp/issues/6617
- https://github.com/assimp/assimp/
- https://github.com/user-attachments/files/27200601/poc.zip
- https://vuldb.com/cve/CVE-2026-10232
- https://vuldb.com/submit/821192
- https://vuldb.com/vuln/367511
- https://vuldb.com/vuln/367511/cti
Affected packages
Ubuntu:16.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.3.1~dfsg-5
3.3.1~dfsg-5ubuntu1
3.3.1~dfsg-5+build1
4.*
4.0.1~dfsg-1~exp2
4.0.1~dfsg-1
4.1.0~dfsg-1
4.1.0~dfsg-2
4.1.0~dfsg-3
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "assimp-utils"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "libassimp4"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "python-pyassimp"
},
{
"binary_version": "4.1.0~dfsg-3",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:20.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "libassimp5"
},
{
"binary_version": "5.0.1~ds0-1build1",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:22.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.0.1~ds0-2
5.0.1~ds0-3ubuntu1
5.1.4~ds0-1
5.1.5~ds0-1
5.1.6~ds0-1
5.2.0~ds0-2
5.2.1~ds0-1
5.2.2~ds0-1
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "libassimp5"
},
{
"binary_version": "5.2.2~ds0-1",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:24.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "libassimp5"
},
{
"binary_version": "5.3.1+ds-2build1",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:25.10
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.4.3+ds-2",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "assimp-utils"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "libassimp5"
},
{
"binary_version": "5.4.3+ds-2",
"binary_name": "python3-pyassimp"
}
]
}Ubuntu:26.04:LTS
assimp
Package
- Name
- assimp
- Purl
- pkg:deb/ubuntu/assimp?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.0.4+ds-1build1",
"binary_name": "assimp-testmodels"
},
{
"binary_version": "6.0.4+ds-1build1",
"binary_name": "assimp-utils"
},
{
"binary_version": "6.0.4+ds-1build1",
"binary_name": "libassimp6"
},
{
"binary_version": "6.0.4+ds-1build1",
"binary_name": "python3-pyassimp"
}
]
}