Description
A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
Published: 2026-06-01
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Assimp’s Half‑Life 1 MDL Loader function HL1MDLLoader::read_sequence_infos performs an out-of-bounds read when the aiString argument is manipulated. The flaw allows a local attacker to read unintended memory content, potentially exposing confidential data stored in the process address space. No remote execution vector is described, so the impact is confined to confidentiality loss for users with local write access to the library’s input streams.

Affected Systems

The vulnerability exists in the Assimp library up through version 6.0.4. Any system or application that links against this version and uses the Half‑Life 1 MDL loader may be affected. The exact scope depends on how the library is employed, but any local user capable of supplying crafted MDL files could trigger the error.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The attack requires local possession of the process that loads MDL files, so the opportunity for exploitation is limited to users or services running the library. While there is no remote or privilege‑escalation vector, the ability to read arbitrary memory can still aid further attacks, especially if the application handles sensitive content.

Generated by OpenCVE AI on June 1, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Assimp to a fixed version once a patch is released.
  • If an immediate upgrade is not possible, verify that every call to HL1MDLLoader::read_sequence_infos passes a validated aiString that originates only from trusted sources.
  • Implement defensive bounds checks or length validations on the string before use. As a temporary safeguard, isolate the MDL loading process in a sandbox or run it with the least privilege required, reducing the scope of data that a local attacker could read.

Generated by OpenCVE AI on June 1, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Wed, 03 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
Title Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence_infos out-of-bounds
First Time appeared Assimp
Assimp assimp
Weaknesses CWE-119
CWE-125
CPEs cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*
Vendors & Products Assimp
Assimp assimp
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Assimp Assimp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-03T17:57:19.739Z

Reserved: 2026-05-31T08:11:05.085Z

Link: CVE-2026-10233

cve-icon Vulnrichment

Updated: 2026-06-03T17:56:38.252Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T08:16:19.750

Modified: 2026-06-03T19:16:23.580

Link: CVE-2026-10233

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-01T06:45:08Z

Links: CVE-2026-10233 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T09:00:11Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-125

    Out-of-bounds Read