Description
A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The project tagged the reported issue as bug.
Published: 2026-06-01
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in the HL1MDLLoader component of the Assimp library, where manipulating the ‘num.total’ argument triggers a heap-based buffer overflow in HL1MDLLoader::extract_anim_value. The overflow can corrupt adjacent memory structures and, if exploited, may allow an attacker to execute arbitrary code or cause a denial of service. The vulnerability only allows local exploitation, meaning the adversary must have the ability to run code on the target system. It can compromise confidentiality, integrity, and availability of the affected process.

Affected Systems

Assimp library users employing versions up to and including 6.0.4 are affected. The vulnerability is confined to the Half‑Life 1 MDL Loader component and does not extend to other Assimp build targets.

Risk and Exploitability

The CVSS score of 4.8 reflects a moderate risk severity. EPSS is not available, so the likelihood of exploitation is uncertain; however, a public exploit has been released and the bug has been reported as a confirmed issue. The vulnerability is not listed in the CISA KEV catalog, indicating no known large‑scale exploitation yet. Attackers would need local access to the system to trigger the overflow, and the exploit does not appear to target network‑exposed inputs.

Generated by OpenCVE AI on June 1, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Assimp to a version newer than 6.0.4 that removes the HL1MDLLoader::extract_anim_value bug
  • If an update is not possible, disable or bypass the Half‑Life 1 MDL Loader for untrusted files and restrict the application’s access to such files
  • Run the application under the least privileged user account to limit the damage from a local memory corruption attack
  • Consider applying memory protection techniques such as stack canaries or ASLR if supported by the build environment
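
One way to bypass the Half-Life 1 MDL Loader for untrusted files, as an added example that is not OpenCVE's or Assimp's own code: check the file content before the buffer reaches the import call. The check looks at content rather than the file name because the .mdl extension is shared with other model formats. The "IDST"/"IDSQ" tags and version 10 are assumptions taken from the Half-Life 1 studio model format, not from this page, and `allow_untrusted_import` is a hypothetical application hook.

```cpp
// Added example: pre-filter that keeps Half-Life 1 MDL data away from Assimp.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Assumption (from the GoldSrc studio model format, not from this page):
// a file starts with a 4-byte tag "IDST" (model/texture file) or "IDSQ"
// (sequence group file), followed by a little-endian int32 version of 10.
constexpr std::uint32_t kHl1StudioVersion = 10;

// Returns true when the buffer looks like a Half-Life 1 MDL file.
bool looks_like_hl1_mdl(const std::uint8_t* data, std::size_t size) {
    if (data == nullptr || size < 8) return false;  // too short for tag + version
    const bool tagged = std::memcmp(data, "IDST", 4) == 0 ||
                        std::memcmp(data, "IDSQ", 4) == 0;
    if (!tagged) return false;
    // Assemble the version byte by byte so host endianness does not matter.
    const std::uint32_t version =
        std::uint32_t(data[4]) | std::uint32_t(data[5]) << 8 |
        std::uint32_t(data[6]) << 16 | std::uint32_t(data[7]) << 24;
    return version == kHl1StudioVersion;
}

// Hypothetical gate an application would call before handing an untrusted
// buffer to its Assimp import call: false means "reject, do not import".
bool allow_untrusted_import(const std::vector<std::uint8_t>& file) {
    return !looks_like_hl1_mdl(file.data(), file.size());
}

int main() {
    // Constructed sample headers, not real model files.
    const std::vector<std::uint8_t> hl1 = {'I', 'D', 'S', 'T', 10, 0, 0, 0, 0, 0};
    const std::vector<std::uint8_t> obj = {'v', ' ', '0', ' ', '0', ' ', '0', '\n'};
    std::printf("hl1 allowed: %d\n", allow_untrusted_import(hl1));
    std::printf("obj allowed: %d\n", allow_untrusted_import(obj));
    return 0;
}
```

Rejected files should be logged with their source so that repeated attempts to submit Half-Life 1 models to the application are visible.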

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 07:30:00 +0000

Columns: Type, Values Removed, Values Added (all entries below are added values)

Description: A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The project tagged the reported issue as bug.
Title: Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp extract_anim_value heap-based overflow
First Time appeared: Assimp; Assimp assimp
Weaknesses: CWE-119; CWE-122
CPEs: cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*
Vendors & Products: Assimp; Assimp assimp
References:
Metrics:
  cvssV2_0: {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T06:15:09.689Z

Reserved: 2026-05-31T08:10:59.414Z

Link: CVE-2026-10231

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T08:16:19.410

Modified: 2026-06-01T08:16:19.410

Link: CVE-2026-10231

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T08:30:24Z
