Skip to main content

Assimp CVE-2026-10231

| EUVD-2026-33564 LOW
Heap-based Buffer Overflow (CWE-122)
2026-06-01 VulDB GHSA-wc3j-ch7g-2h36
Heap Overflow Buffer Overflow Assimp
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 01, 2026 - 08:22 NVD
MEDIUM LOW
CVSS changed
Jun 01, 2026 - 08:22 NVD
5.3 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jun 01, 2026 - 07:51 vuln.today

DescriptionCVE.org

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The project tagged the reported issue as bug.

AnalysisAI

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious HL1 MDL file with oversized num.total
Delivery
Deliver file to local target or content pipeline
Exploit
Application invokes Assimp MDL parser
Execution
extract_anim_value() writes past heap buffer
Impact
Heap corruption enables partial code/data manipulation
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The attacker must have local system access with at least low privileges (PR:L per CVSS AV:L/PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.3 (Medium) reflects a local, low-privilege attack with limited scope (S:U) and partial impact across confidentiality, integrity, and availability (C:L/I:L/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker places or delivers a maliciously crafted Half-Life 1 MDL file with a manipulated num.total animation value to a local user or automated content pipeline running an application that uses Assimp for asset import. When the application calls extract_anim_value() during MDL parsing, the unsanitized num.total value causes a heap buffer overflow, potentially overwriting adjacent heap metadata or data. …
Remediation No vendor-released patched version has been confirmed from available data; the fix status should be monitored via the upstream GitHub issue at https://github.com/assimp/assimp/issues/6616 and the Assimp repository at https://github.com/assimp/assimp/. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10231 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy