CVE-2026-10231
Heap-based Buffer Overflow in Assimp Half-Life 1 MDL Loader
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assimp | assimp | to 6.0.4 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
There is no information provided in the available context or resources about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow in the Assimp library, specifically in the HL1MDLLoader::extract_anim_value function of the Half-Life 1 MDL Loader component. It is caused by a missing sanity check on the num.total value: a manipulated num.total makes the decoding loop never terminate, so a pointer is incremented past the end of its buffer, resulting in an out-of-bounds read on the heap that can crash the program.
The issue arises when processing a specially crafted MDL file, which triggers this unsafe behavior.
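As an added illustration, not Assimp's own code: a hardened version of the run-walking loop the answer describes, written against a constructed stand-in for the HL1 animation value stream. The {valid, total} run-header convention is assumed from the public Half-Life SDK; the function and sample names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for an HL1-style animation value stream (layout assumed
 * from the public Half-Life SDK, not taken from Assimp): each run is a
 * {valid, total} byte pair followed by `valid` 16-bit values and covers
 * `total` frames; the last explicit value repeats for the remaining frames. */
typedef union {
    struct { uint8_t valid; uint8_t total; } num;
    int16_t value;
} anim_value_t;

/* Hardened lookup. Returns false instead of walking off the end when a run
 * header is malformed (total == 0 never consumes a frame, so an unchecked loop
 * spins forever advancing the pointer) or when a step would leave [p, end). */
bool extract_anim_value_checked(const anim_value_t *p, const anim_value_t *end,
                                int frame, int16_t *out) {
    while (p < end && frame >= p->num.total) {
        if (p->num.total == 0 || p->num.valid == 0)
            return false;               /* the sanity check the advisory says is missing */
        size_t skip = (size_t)p->num.valid + 1;   /* header plus its explicit values */
        if ((size_t)(end - p) < skip)
            return false;               /* run claims more values than the buffer holds */
        frame -= p->num.total;
        p += skip;
    }
    if (p >= end || p->num.valid == 0)
        return false;
    size_t idx = (size_t)(frame < p->num.valid ? frame + 1 : p->num.valid);
    if ((size_t)(end - p) <= idx)       /* the value read must lie inside the buffer */
        return false;
    *out = p[idx].value;
    return true;
}

/* Constructed sample: run A covers frames 0-2 with values 10, 20, (20 again);
 * run B covers frames 3-4 with value 30. */
static const anim_value_t good_stream[] = {
    { .num = { 2, 3 } }, { .value = 10 }, { .value = 20 },
    { .num = { 1, 2 } }, { .value = 30 },
};
/* Constructed malformed sample: total == 0 in the first run header. */
static const anim_value_t bad_stream[] = { { .num = { 0, 0 } }, { .value = 0 } };

#define END(a) ((a) + sizeof(a) / sizeof((a)[0]))

/* Value for `frame` in the good stream, or -1 if the lookup is rejected. */
int demo_lookup(int frame) {
    int16_t v;
    return extract_anim_value_checked(good_stream, END(good_stream), frame, &v) ? v : -1;
}

/* true when the malformed stream is rejected rather than looped on. */
bool demo_rejects_zero_total(void) {
    int16_t v;
    return !extract_anim_value_checked(bad_stream, END(bad_stream), 0, &v);
}
```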
How can this vulnerability impact me?
This vulnerability can lead to a heap-based buffer overflow, which may cause the affected program to crash or behave unpredictably. Since the exploit must be initiated locally, an attacker with local access could trigger this flaw by providing a specially crafted MDL file.
The impact includes potential denial of service due to program crashes and possibly other undefined behaviors depending on how the overflow is exploited.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or abnormal behavior in applications using the Assimp library when processing MDL files, especially those that load Half-Life 1 MDL models.
Fuzzing tools can be used to detect this vulnerability by feeding specially crafted MDL files to the affected function HL1MDLLoader::extract_anim_value and observing for heap-buffer-overflow or infinite loops.
A practical detection method is to test the system or application with a proof-of-concept (PoC) MDL file that triggers the vulnerability, then monitor for crashes or memory errors.
Specific commands depend on the environment, but typical approaches rely on debugging or memory analysis tools such as:
- Running the vulnerable application under a memory error detector like AddressSanitizer (ASan) to catch heap-buffer-overflow.
- Using fuzzing frameworks (e.g., AFL or libFuzzer) to supply malformed MDL files and detect crashes.
- Using system logs or application logs to identify crashes or exceptions related to the Assimp library.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of untrusted or specially crafted MDL files with applications that use the vulnerable Assimp library version up to 6.0.4.
If possible, update or patch the Assimp library to a version where this vulnerability is fixed or apply any available patches that add proper sanity checks to the num.total field in HL1MDLLoader::extract_anim_value.
Restrict local user access to systems running vulnerable software to prevent local attackers from exploiting the vulnerability.
Monitor and audit usage of MDL files and related application logs for suspicious activity or crashes that may indicate exploitation attempts.