CVE-2026-14604
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A vulnerability was found in Open Asset Import Library Assimp up to version 6.0.4 in the function Assimp::Exporter::ExportToBlob within code/AssetLib/Ply/PlyLoader.cpp. Manipulation in PLY model handling leads to a double free condition. The attack can be initiated remotely and the exploit has been publicly disclosed.
Risk Assessment
The vulnerability could allow remote code execution or application crash when processing PLY files, potentially leading to system compromise or denial of service.
Recommendation
Update Assimp to a version newer than 6.0.4 as soon as a patch is available. Until then, restrict processing of untrusted PLY files.
Original NVD description (English source)
A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report.

