CVE-2026-10229
MEDIUM
Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow
Title source: cna
Description
A vulnerability was identified in Assimp up to 6.0.4. It affects the function HL1MDLLoader::read_meshes in the file HL1MDLLoader.cpp of the Half-Life 1 MDL Loader component. The manipulation causes a heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as a bug.
References (7)
Core References
Issue Tracking
https://github.com/assimp/assimp/issues/6614
Vdb Entry, Technical Description
VDB-367508 | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow
https://vuldb.com/vuln/367508
Signature, Permissions Required
VDB-367508 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/367508/cti
Third Party Advisory
CVE-2026-10229 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10229
Third Party Advisory
Submit #821189 | Assimp commit 17c12da Heap-based Buffer Overflow
https://vuldb.com/submit/821189
Exploit
https://github.com/user-attachments/files/27194364/poc.zip
Product
https://github.com/assimp/assimp/
Scores
CVSS v3: 5.3
EPSS: 0.0013
EPSS Percentile: 2.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-119, CWE-122
Status: published
Products (5)
None/Assimp 6.0.0
None/Assimp 6.0.1
None/Assimp 6.0.2
None/Assimp 6.0.3
None/Assimp 6.0.4
Published: Jun 01, 2026
Tracked Since: Jun 01, 2026