{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10199", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-31T06:13:40.131Z", "datePublished": "2026-05-31T22:30:11.424Z", "dateUpdated": "2026-06-01T15:24:04.208Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-31T22:30:11.424Z"}, "title": "Assimp glTF2Asset.h LazyDict null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Assimp", "versions": [{"version": "6.0.0", "status": "affected"}, {"version": "6.0.1", "status": "affected"}, {"version": "6.0.2", "status": "affected"}, {"version": "6.0.3", "status": "affected"}, {"version": "6.0.4", "status": "affected"}], "cpes": ["cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-31T08:18:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "TYGLS (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/367479", "name": "VDB-367479 | Assimp glTF2Asset.h LazyDict null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/367479/cti", "name": "VDB-367479 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10199", "name": "CVE-2026-10199 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/821179", "name": "Submit #821179 | Assimp commit 17c12da NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6611", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/pull/6646", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/user-attachments/files/27194148/poc.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/commit/d24b85319bd70c65883a2b96613e07e23fb95981", "tags": ["patch"]}, {"url": "https://github.com/assimp/assimp/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-01T15:15:05.264879Z", "id": "CVE-2026-10199", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T15:24:04.208Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10199", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-01T15:15:05.264879Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T15:15:06.386Z"}}], "cna": {"tags": ["x_open-source"], "title": "Assimp glTF2Asset.h LazyDict null pointer dereference", "credits": [{"lang": "en", "type": "reporter", "value": "TYGLS (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"], "vendor": "n/a", "product": "Assimp", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.0.3"}, {"status": "affected", "version": "6.0.4"}]}], "timeline": [{"lang": "en", "time": "2026-05-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-31T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-31T08:18:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/367479", "name": "VDB-367479 | Assimp glTF2Asset.h LazyDict null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/367479/cti", "name": "VDB-367479 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10199", "name": "CVE-2026-10199 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/821179", "name": "Submit #821179 | Assimp commit 17c12da NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6611", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/pull/6646", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/user-attachments/files/27194148/poc.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/commit/d24b85319bd70c65883a2b96613e07e23fb95981", "tags": ["patch"]}, {"url": "https://github.com/assimp/assimp/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-31T22:30:11.424Z"}}}, "cveMetadata": {"cveId": "CVE-2026-10199", "state": "PUBLISHED", "dateUpdated": "2026-06-01T15:24:04.208Z", "dateReserved": "2026-05-31T06:13:40.131Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-31T22:30:11.424Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is d24b85319bd70c65883a2b96613e07e23fb95981. It is best practice to apply a patch to resolve this issue."}], "id": "CVE-2026-10199", "lastModified": "2026-06-01T15:15:37.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-05-31T23:16:42.413", "references": [{"source": "[email protected]", "url": "https://github.com/assimp/assimp/"}, {"source": "[email protected]", "url": "https://github.com/assimp/assimp/commit/d24b85319bd70c65883a2b96613e07e23fb95981"}, {"source": "[email protected]", "url": "https://github.com/assimp/assimp/issues/6611"}, {"source": "[email protected]", "url": "https://github.com/assimp/assimp/pull/6646"}, {"source": "[email protected]", "url": "https://github.com/user-attachments/files/27194148/poc.zip"}, {"source": "[email protected]", "url": "https://vuldb.com/cve/CVE-2026-10199"}, {"source": "[email protected]", "url": "https://vuldb.com/submit/821179"}, {"source": "[email protected]", "url": "https://vuldb.com/vuln/367479"}, {"source": "[email protected]", "url": "https://vuldb.com/vuln/367479/cti"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Assimp: Denial of Service via null pointer dereference in glTF2::LazyDict", "id": "2483753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483753"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in Assimp. A local attacker could trigger a null pointer dereference by manipulating an argument in the glTF2::LazyDict function. This vulnerability, located in the glTF2Asset.h library, could lead to an application crash, resulting in a denial of service (DoS)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-10199", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "qt6-qtquick3d", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-31T22:30:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-10199\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-10199\nhttps://github.com/assimp/assimp/\nhttps://github.com/assimp/assimp/commit/d24b85319bd70c65883a2b96613e07e23fb95981\nhttps://github.com/assimp/assimp/issues/6611\nhttps://github.com/assimp/assimp/pull/6646\nhttps://github.com/user-attachments/files/27194148/poc.zip\nhttps://vuldb.com/cve/CVE-2026-10199\nhttps://vuldb.com/submit/821179\nhttps://vuldb.com/vuln/367479\nhttps://vuldb.com/vuln/367479/cti"], "statement": "Moderate: A null pointer dereference flaw was identified in Assimp, affecting the glTF2::LazyDict function. This vulnerability requires local access and could allow an attacker to cause an application crash, leading to a denial of service.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Assimp", "source": "cna", "vendor": "n/a"}, "product": "assimp", "vendor": "assimp"}], "created": "2026-05-31T23:30:14.459258+00:00", "updated": "2026-06-01T00:00:07.494108+00:00", "vendors": ["assimp", "assimp$PRODUCT$assimp"]}