CVE-2026-10229
Heap-based Buffer Overflow in Assimp Half-Life 1 MDL Loader
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assimp | assimp | up to and including 6.0.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution or denial of service on the affected system.
Because the flaw is a heap-based buffer overflow that corrupts memory, an attacker with local access can exploit it to crash the application or potentially execute malicious code.
This may result in unauthorized access to sensitive information, system instability, or disruption of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves a heap-based buffer overflow that can lead to arbitrary code execution or denial of service, potentially resulting in unauthorized access to sensitive information or system crashes.
Such unauthorized access to sensitive information could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of confidential data and system integrity.
Mitigating this vulnerability by applying patches or updates is important to maintain compliance with these regulations.
Can you explain this vulnerability to me?
CVE-2026-10229 is a heap-based buffer overflow vulnerability in the Assimp library, specifically in the HL1MDLLoader::read_meshes() function that processes Half-Life 1 MDL files.
The vulnerability occurs because the loader uses bone indices from the file without proper validation. For example, if the file header declares only one bone but vertex data references a bone index of 5, the code accesses memory beyond the allocated array (temp_bones_), causing out-of-bounds memory access.
This improper bounds checking leads to memory corruption, which can be exploited by providing specially crafted malformed files.
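The missing check described above, as an added example in C++ (not Assimp's code and not the upstream fix): every bone index read from the file is compared against the number of bones actually allocated before it is used as an array subscript. TempBone and the three function names are hypothetical, and the one-byte-per-vertex index layout is an assumption; only the temp_bones_ array name comes from the description.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for the loader's per-bone record (not Assimp's type).
struct TempBone { int node_id = 0; };

// Returns the position of the first vertex whose bone index falls outside
// [0, bone_count), or -1 when every index is usable.
// Assumption: one unsigned byte of bone index per vertex.
long first_bad_bone_ref(const std::vector<std::uint8_t> &vertex_bone_ids,
                        std::size_t bone_count) {
    for (std::size_t i = 0; i < vertex_bone_ids.size(); ++i) {
        if (vertex_bone_ids[i] >= bone_count) {
            return static_cast<long>(i);
        }
    }
    return -1;
}

// Checked lookup: returns nullptr instead of reading past the end of the
// bone array when the file supplies an index that was never allocated.
const TempBone *bone_for_vertex(const std::vector<TempBone> &temp_bones,
                                std::uint8_t bone_id) {
    return bone_id < temp_bones.size() ? &temp_bones[bone_id] : nullptr;
}

// Validate the whole mesh up front so a malformed file is rejected before
// any per-vertex bone data is touched.
bool mesh_bone_refs_valid(const std::vector<TempBone> &temp_bones,
                          const std::vector<std::uint8_t> &vertex_bone_ids) {
    return first_bad_bone_ref(vertex_bone_ids, temp_bones.size()) < 0;
}

int main() {
    std::vector<TempBone> temp_bones(1);           // header declares one bone
    std::vector<std::uint8_t> ids = {0, 5, 0};     // constructed: vertex 1 says bone 5
    // Exit status 0 means the malformed mesh was rejected.
    return mesh_bone_refs_valid(temp_bones, ids) ? 1 : 0;
}
```

A loader applying this pattern would treat a failed validation as a parse error for the file rather than skipping the vertex, since a mismatch between the declared bone count and the vertex data means the input is malformed.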
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the Assimp library's HL1MDLLoader::read_meshes() function with specially crafted malformed Half-Life 1 MDL files that trigger the heap-based buffer overflow.
Fuzzing tools can be used to identify the vulnerability by providing malformed input files that cause out-of-bounds access in the temp_bones_ array.
A proof-of-concept file exists that triggers the crash by referencing bone indices beyond the declared number of bones.
While no specific detection commands are provided, you can attempt to run the vulnerable Assimp version with the PoC file to observe crashes or abnormal behavior.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying patches or updates provided by the vendor to fix the heap-based buffer overflow in the HL1MDLLoader::read_meshes() function.
Avoid processing untrusted or malformed Half-Life 1 MDL files that could exploit this vulnerability.
Since the attack requires local execution, restrict access to systems running vulnerable versions of Assimp and monitor for suspicious activity.