Description
A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The project tagged the reported issue as bug.
Published: 2026-06-01
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Assimp versions up to 6.0.4 contain a flaw in HL1MDLLoader::extract_anim_value where manipulation of the 'num.total' argument triggers a heap-based buffer overflow. The overflow can corrupt memory adjacent to the target buffer and, if the attacker controls the overflowing data, may result in arbitrary memory corruption. The description does not explicitly confirm code execution or denial of service, but it states that a public exploit has been released and may be used for attacks. The weakness is classified under CWE-119, CWE-122 and CWE-131.

Affected Systems

Assimp library users that employ any release up to and including 6.0.4 are affected. The issue is confined to the Half‑Life 1 MDL Loader component and does not impact other Assimp loaders.

Risk and Exploitability

The CVSS base score of 4.8 places the vulnerability in the moderate severity range while the EPSS score is reported as <1%, implying a very low likelihood of real‑world exploitation at present. The vulnerability is not listed in the CISA KEV catalog, and exploitation requires local access (the attacker must be able to run code on the target machine). The public exploit demonstrates that an attacker can trigger the overflow, but it does not target externally reachable inputs. The lack of network‑exposed attack surface reduces the potential impact scope to systems that load untrusted MDL files locally.

Generated by OpenCVE AI on June 8, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Assimp to a release newer than 6.0.4 where the HL1MDLLoader::extract_anim_value bug is fixed
  • If an upgrade is not possible, configure the application to avoid processing Half-Life 1 MDL files that originate from untrusted sources or disable the HL1MDLLoader component entirely
  • Run the application under the least privileged account and employ memory protection mechanisms such as ASLR and stack canaries if supported by the build environment


Advisories

No advisories yet.

History

Mon, 08 Jun 2026 12:15:00 +0000

  • Weaknesses: added CWE-131
  • References
  • Metrics: removed threat_severity None; added threat_severity Moderate


Mon, 01 Jun 2026 12:30:00 +0000

  • Metrics: added ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 07:30:00 +0000

  • Description: added "A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The project tagged the reported issue as bug."
  • Title: added "Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_value heap-based overflow"
  • First Time appeared: added Assimp; Assimp assimp
  • Weaknesses: added CWE-119; CWE-122
  • CPEs: added cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*
  • Vendors & Products: added Assimp; Assimp assimp
  • References
  • Metrics: added
      cvssV2_0 {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0 {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0 {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T11:18:51.517Z

Reserved: 2026-05-31T08:10:59.414Z

Link: CVE-2026-10231

Vulnrichment

Updated: 2026-06-01T11:09:40.498Z

NVD

Status: Deferred

Published: 2026-06-01T08:16:19.410

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10231

Redhat

Severity: Moderate

Public Date: 2026-06-01T06:15:09Z

Links: CVE-2026-10231 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-08T14:00:20Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-122

    Heap-based Buffer Overflow

  • CWE-131

    Incorrect Calculation of Buffer Size