Description
A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
Published: 2026-06-01
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Assimp’s Half‑Life 1 MDL Loader function HL1MDLLoader::read_sequence_infos performs an out-of-bounds read when the aiString argument is manipulated. The flaw allows a local attacker to read unintended memory content, potentially exposing confidential data stored in the process address space. No remote execution vector is described, so the impact is confined to confidentiality loss for users with local write access to the library’s input streams.

Affected Systems

The vulnerability exists in the Assimp library up through version 6.0.4. Any system or application that links against this version and uses the Half‑Life 1 MDL loader may be affected. The exact scope depends on how the library is employed, but any local user capable of supplying crafted MDL files could trigger the error.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The attack requires local access to the process that loads MDL files, so the opportunity for exploitation is limited to users or services running the library. While there is no remote or privilege‑escalation vector, the ability to read out-of-bounds memory can still aid further attacks, especially if the application handles sensitive content.

Generated by OpenCVE AI on June 1, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Assimp to a fixed version once a patch is released.
  • If an immediate upgrade is not possible, verify that every call to HL1MDLLoader::read_sequence_infos passes a validated aiString that originates only from trusted sources.
  • Implement defensive bounds checks or length validations on the string before use. As a temporary safeguard, isolate the MDL loading process in a sandbox or run it with the least privilege required, reducing the scope of data that a local attacker could read.

Generated by OpenCVE AI on June 1, 2026 at 08:51 UTC.


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 07:30:00 +0000

Type Values Removed Values Added

Description: A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
Title: Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence_infos out-of-bounds
First Time appeared: Assimp; Assimp assimp
Weaknesses: CWE-119; CWE-125
CPEs: cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*
Vendors & Products: Assimp; Assimp assimp
References:
Metrics:
  cvssV2_0: {'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T06:45:08.319Z

Reserved: 2026-05-31T08:11:05.085Z

Link: CVE-2026-10233

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T08:16:19.750

Modified: 2026-06-01T08:16:19.750

Link: CVE-2026-10233

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T09:00:11Z

Weaknesses