Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.

Basic Information

ID CVE-2026-10229

Source VulDB

Published Jun 1, 2026 at 05:45

Affected Product

Vendor n/a

Product Assimp

Version 6.0.0

Affected Versions n/a Assimp 6.0.0
n/a Assimp 6.0.1
n/a Assimp 6.0.2
n/a Assimp 6.0.3
n/a Assimp 6.0.4

CWE Classification

CWE-122 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.",
    "published": "2026-06-01T05:45:07.021Z",
    "modified": "2026-06-01T05:45:07.021Z",
    "type": "cve",
    "title": "Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367508\nhttps://vuldb.com/vuln/367508/cti\nhttps://vuldb.com/cve/CVE-2026-10229\nhttps://vuldb.com/submit/821189\nhttps://github.com/assimp/assimp/issues/6614\nhttps://github.com/user-attachments/files/27194364/poc.zip\nhttps://github.com/assimp/assimp/",
    "id": "CVE-2026-10229",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "n/a Assimp 6.0.0\nn/a Assimp 6.0.1\nn/a Assimp 6.0.2\nn/a Assimp 6.0.3\nn/a Assimp 6.0.4",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Assimp",
    "version": "6.0.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow_CVE-2026-10229