Description
A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.
Published: 2026-06-01
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow occurs in Assimp’s Half‑Life 1 MDL Loader within the HL1MDLLoader::read_meshes function. The overflow can be triggered by a specially crafted MDL file, potentially allowing an attacker with local execution permissions to corrupt heap memory and execute arbitrary code or crash the application. This corresponds to CWE-119 and CWE-122 weaknesses involving improper bounds checking and memory corruption.

Affected Systems

The vulnerability affects the Assimp library up to and including version 6.0.4. The problem exists in the HL1MDLLoader.cpp component that handles HL1 MDL files. Users who employ the Assimp library to load Half‑Life 1 model data in any application may be exposed to the risk, provided they process untrusted MDL files.

Risk and Exploitability

With a CVSS score of 4.8 the severity is moderate. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local, requiring the attacker to supply a malicious MDL file that the application will load. A public exploit has already been disclosed, indicating that malicious payloads can be crafted and that vulnerable installations can be compromised if the application loads untrusted model data.

Generated by OpenCVE AI on June 1, 2026 at 08:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Assimp to the newest available release that includes the HL1MDLLoader fix
  • Restrict the use of HL1 MDL files to trusted sources only or disable the loader if the format is unnecessary
  • Patch or modify the HL1MDLLoader code to perform strict bounds checking on all buffer copies before writing them to heap memory

Generated by OpenCVE AI on June 1, 2026 at 08:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.
Title Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow
First Time appeared Assimp
Assimp assimp
Weaknesses CWE-119
CWE-122
CPEs cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*
Vendors & Products Assimp
Assimp assimp
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Assimp Assimp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T05:45:07.021Z

Reserved: 2026-05-31T08:10:54.492Z

Link: CVE-2026-10229

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T08:16:19.037

Modified: 2026-06-01T08:16:19.037

Link: CVE-2026-10229

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T09:30:24Z

Weaknesses