Amazon Linux 2 Security Advisory: ALAS2-2026-3797
Advisory Released Date: 2026-07-08
Advisory Updated Date: 2026-07-08
A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue. The pull request to fix this issue awaits acceptance. (CVE-2026-10197)
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug. (CVE-2026-10232)
Affected Packages:
qt5-qt3d
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qt5-qt3d or yum update --advisory ALAS2-2026-3797 to update your system.
aarch64:
qt5-qt3d-5.15.3-1.amzn2.0.10.aarch64
qt5-qt3d-devel-5.15.3-1.amzn2.0.10.aarch64
qt5-qt3d-examples-5.15.3-1.amzn2.0.10.aarch64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.10.aarch64
i686:
qt5-qt3d-5.15.3-1.amzn2.0.10.i686
qt5-qt3d-devel-5.15.3-1.amzn2.0.10.i686
qt5-qt3d-examples-5.15.3-1.amzn2.0.10.i686
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.10.i686
src:
qt5-qt3d-5.15.3-1.amzn2.0.10.src
x86_64:
qt5-qt3d-5.15.3-1.amzn2.0.10.x86_64
qt5-qt3d-devel-5.15.3-1.amzn2.0.10.x86_64
qt5-qt3d-examples-5.15.3-1.amzn2.0.10.x86_64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.10.x86_64