CVE-2026-10230
Received - Intake
Heap-based Buffer Overflow in Assimp Half-Life 1 MDL Loader

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to a heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The project tagged the reported issue as a bug.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-01
AI Q&A: 2026-06-01
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| assimp | assimp | to 6.0.4 (inc) |
CWE
| CWE ID | Description |
|--------|-------------|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a heap-based buffer overflow in the Assimp library, specifically in the function HL1MDLLoader::read_animations within the Half-Life 1 MDL Loader component. It occurs when parsing malformed Half-Life 1 MDL files. The code allocates an array of size 1 but attempts to write a second element beyond the allocated bounds without proper boundary validation, leading to memory corruption.

The issue was discovered using fuzzing techniques, and a proof-of-concept exploit exists that triggers an out-of-bounds write, causing a crash or potential arbitrary code execution.


How can this vulnerability impact me?

This vulnerability can lead to a heap-based buffer overflow when processing specially crafted Half-Life 1 MDL files locally. An attacker with local access could exploit this flaw to cause a crash or potentially execute arbitrary code with the privileges of the user running the application.

The impact includes corruption of heap memory, which may lead to denial of service or escalation of privileges depending on the context in which the vulnerable function is used.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the Assimp library's HL1MDLLoader::read_animations() function with specially crafted malformed Half-Life 1 MDL files that trigger a heap-based buffer overflow.

Fuzzing techniques were used to discover this issue, and a proof-of-concept (PoC) MDL file is available to reproduce the crash.

To detect the vulnerability on your system, you can run the Assimp library with the PoC MDL file and monitor for crashes or heap-buffer-overflow errors using tools like AddressSanitizer.

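  • Run an AddressSanitizer-instrumented build of the Assimp command-line tool (compiled with `-fsanitize=address`) on the PoC file: `./assimp info poc_file.mdl`. Heap-buffer-overflow detection is on by default in such a build, so no `ASAN_OPTIONS` setting is needed.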
  • Monitor application logs or crash reports for heap-buffer-overflow errors triggered by malformed MDL files.
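
One way to automate the log monitoring in the second bullet, as an added example that is not from this advisory or the Assimp project: a shell function that classifies an AddressSanitizer report and flags the heap-buffer-overflow whose faulting stack passes through `HL1MDLLoader::read_animations`. The function names and the sample report are constructed for illustration; the addresses, frames and line numbers in it are made up.

```bash
#!/bin/sh
# classify_asan_report: read an AddressSanitizer report on stdin and print
#   "cve-candidate READ|WRITE"  heap-buffer-overflow faulting in read_animations
#   "other-asan"                any other AddressSanitizer error
#   "clean"                     no AddressSanitizer error in the input
classify_asan_report() {
    awk '
        /ERROR: AddressSanitizer:/ {
            seen = 1
            kind = $0
            sub(/.*AddressSanitizer: /, "", kind)   # drop the "==pid==ERROR: ..." prefix
            sub(/ .*/, "", kind)                    # keep only the error class
            in_stack = 0
            next
        }
        # The stack that directly follows the READ/WRITE line is the faulting access.
        seen && /^(READ|WRITE) of size/ { access = $1; in_stack = 1; next }
        in_stack && /^[ \t]*#[0-9]+ / {
            if ($0 ~ /HL1MDLLoader::read_animations/) hit = 1
            next
        }
        # A blank line ends the faulting stack; allocation stacks are ignored.
        in_stack { in_stack = 0 }
        END {
            if (!seen) print "clean"
            else if (kind == "heap-buffer-overflow" && hit) print "cve-candidate " access
            else print "other-asan"
        }
    '
}

# Constructed sample report (not captured from a real run).
sample_report() {
    cat <<'EOF'
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x000000401234 bp 0x7ffc00000000 sp 0x7ffc00000008
WRITE of size 8 at 0x602000000018 thread T0
    #0 0x401233 in Assimp::MDL::HalfLife::HL1MDLLoader::read_animations() HL1MDLLoader.cpp:1
    #1 0x401500 in main main.cpp:1

0x602000000018 is located 0 bytes to the right of 8-byte region [0x602000000010,0x602000000018)
allocated by thread T0 here:
    #0 0x7f0000000000 in operator new[](unsigned long)
EOF
}

sample_report | classify_asan_report
```

In practice, feed it the stderr of each sanitizer run, for example `./assimp info file.mdl 2>&1 | classify_asan_report`.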

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding the use of untrusted or malformed Half-Life 1 MDL files with the vulnerable Assimp versions up to 6.0.4.

Since the attack requires local access and the exploit is publicly available, restrict local user permissions to prevent unauthorized execution of malicious files.

Monitor for updates or patches from the Assimp project that address this vulnerability and apply them as soon as they become available.

