CVE-2026-10229
Deferred Deferred - Pending Action
Heap-based Buffer Overflow in Assimp Half-Life 1 MDL Loader

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-10229
EUVD
EUVD-2026-33562
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
assimp assimp to 6.0.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to arbitrary code execution or denial of service on the affected system.

Because it causes heap-based buffer overflow through memory corruption, an attacker with local access can exploit it to crash the application or potentially execute malicious code.

This may result in unauthorized access to sensitive information, system instability, or disruption of service.

Executive Summary

CVE-2026-10229 is a heap-based buffer overflow vulnerability in the Assimp library, specifically in the HL1MDLLoader::read_meshes() function that processes Half-Life 1 MDL files.

The vulnerability occurs because the loader uses bone indices from the file without proper validation. For example, if the file header declares only one bone but vertex data references a bone index of 5, the code accesses memory beyond the allocated array (temp_bones_), causing out-of-bounds memory access.

This improper bounds checking leads to memory corruption, which can be exploited by providing specially crafted malformed files.

Detection Guidance

This vulnerability can be detected by testing the Assimp library's HL1MDLLoader::read_meshes() function with specially crafted malformed Half-Life 1 MDL files that trigger the heap-based buffer overflow.

Fuzzing tools can be used to identify the vulnerability by providing malformed input files that cause out-of-bounds access in the temp_bones_ array.

A proof-of-concept file exists that triggers the crash by referencing bone indices beyond the declared number of bones.

While no specific detection commands are provided, you can attempt to run the vulnerable Assimp version with the PoC file to observe crashes or abnormal behavior.

Mitigation Strategies

Immediate mitigation steps include applying patches or updates provided by the vendor to fix the heap-based buffer overflow in the HL1MDLLoader::read_meshes() function.

Avoid processing untrusted or malformed Half-Life 1 MDL files that could exploit this vulnerability.

Since the attack requires local execution, restrict access to systems running vulnerable versions of Assimp and monitor for suspicious activity.

Compliance Impact

The vulnerability involves a heap-based buffer overflow that can lead to arbitrary code execution or denial of service, potentially resulting in unauthorized access to sensitive information or system crashes.

Such unauthorized access to sensitive information could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of confidential data and system integrity.

Mitigating this vulnerability by applying patches or updates is important to maintain compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart