CNNVD-202601-2948 Information

CNNVD ID

CNNVD-202601-2948

Related CVE

CVE-2025-15538

• CNNVD Published: 2026-01-18

Description (Chinese)

Open Asset Import Library Assimp是Open Asset Import Library开源的一个官方开放资产导入库存储库。可将40多种3D文件格式加载到一个统一且干净的数据结构中。 Open Asset Import Library Assimp 6.0.2及之前版本存在资源管理错误漏洞，该漏洞源于/src/assimp/code/AssetLib/LWO/LWOMaterial.cpp文件中Assimp::LWOImporter::FindUVChannels函数存在释放后重用，可能导致本地攻击。

Description (English)

Open Assembly Import Library Assimp is an official open repository of assets from Open Assembly Import Library. More than 40 3D file formats can be loaded into a uniform and clean data structure. Open Administration Infrastructure Assimp. 6.2 and previous versions contained a resource management error loophole, which originated from the release of the Assimp: :LWOImporter: :FindUVChannels function and could lead to local attacks.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

Open Asset Import Library

Published

2026-01-18

Last Modified

2026-02-24

References

https://github.com/assimp/assimp/issues/6258 https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530 https://github.com/user-attachments/files/21216542/assimp_poc10.zip https://vuldb.com/?ctiid.341727 https://vuldb.com/?id.341727 https://vuldb.com/?submit.735232