CVE-2026-10231
Received Received - Intake
Heap-based Buffer Overflow in Assimp Half-Life 1 MDL Loader

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The project tagged the reported issue as bug.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-10231
EUVD
EUVD-2026-33564
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
assimp assimp to 6.0.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow in the Assimp library, specifically in the HL1MDLLoader::extract_anim_value function of the Half-Life 1 MDL Loader component. It occurs due to a missing sanity check on the num.total argument. When num.total is manipulated, it can cause an infinite loop where a pointer is incremented beyond its bounds, leading to an out-of-bounds read on the heap and potentially crashing the program.

The issue arises when processing a specially crafted MDL file, which triggers this unsafe behavior.

Impact Analysis

This vulnerability can lead to a heap-based buffer overflow, which may cause the affected program to crash or behave unpredictably. Since the exploit must be initiated locally, an attacker with local access could trigger this flaw by providing a specially crafted MDL file.

The impact includes potential denial of service due to program crashes and possibly other undefined behaviors depending on how the overflow is exploited.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal behavior in applications using the Assimp library when processing MDL files, especially those that load Half-Life 1 MDL models.

Fuzzing tools can be used to detect this vulnerability by feeding specially crafted MDL files to the affected function HL1MDLLoader::extract_anim_value and observing for heap-buffer-overflow or infinite loops.

A practical detection method is to test the system or application with a proof-of-concept (PoC) MDL file that triggers the vulnerability, then monitor for crashes or memory errors.

Specific commands depend on the environment, but example commands include using debugging or memory analysis tools such as:

  • Running the vulnerable application under a memory error detector like AddressSanitizer (ASan) to catch heap-buffer-overflow.
  • Using fuzzing frameworks (e.g., AFL or libFuzzer) to supply malformed MDL files and detect crashes.
  • Using system logs or application logs to identify crashes or exceptions related to the Assimp library.
Mitigation Strategies

Immediate mitigation steps include avoiding the use of untrusted or specially crafted MDL files with applications that use the vulnerable Assimp library version up to 6.0.4.

If possible, update or patch the Assimp library to a version where this vulnerability is fixed or apply any available patches that add proper sanity checks to the num.total field in HL1MDLLoader::extract_anim_value.

Restrict local user access to systems running vulnerable software to prevent local attackers from exploiting the vulnerability.

Monitor and audit usage of MDL files and related application logs for suspicious activity or crashes that may indicate exploitation attempts.

Compliance Impact

There is no information provided in the available context or resources about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10231. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart