CVE-2026-10233: Out-of-Bounds Read in Assimp Half-Life MDL Loader
Assimp, a popular open-source 3D model importing library, contains an out-of-bounds read vulnerability in its Half-Life 1 MDL file loader. When processing specially crafted MDL files, the vulnerability allows an attacker with local access to read memory outside intended boundaries. While the issue has been publicly disclosed, the impact is limited to information disclosure with no ability to modify or crash systems. This vulnerability requires local file system access and authenticated user privileges to trigger.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 3.3 LOW · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Weaknesses (CWE)
- CWE-119, CWE-125
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
8 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10233 is an out-of-bounds read flaw within the HL1MDLLoader::read_sequence_infos function in HL1MDLLoader.cpp. The vulnerability stems from improper bounds checking when processing the aiString argument during Half-Life 1 MDL file parsing. This permits reading of adjacent memory regions, potentially exposing sensitive data from the process heap or stack. The affected versions extend through Assimp 6.0.4. The flaw combines CWE-119 (improper restriction of operations within the bounds of a memory buffer) and CWE-125 (out-of-bounds read), both classic memory safety issues in C++ codebases handling untrusted file formats.
Business impact
Organizations using Assimp in applications that process user-supplied or untrusted MDL files face a localized information disclosure risk. The threat is primarily relevant to 3D content creation pipelines, game development environments, CAD tools, and multimedia applications. The low CVSS score reflects that exploitation requires local system access and results only in data leakage; integrity and availability are unaffected. For most enterprises, this represents a manageable risk unless Assimp is embedded in customer-facing or internet-exposed tools handling untrusted model files.
Affected systems
Assimp versions up to and including 6.0.4 are vulnerable. The affected component is specifically the Half-Life 1 MDL (model) file loader. Systems most at risk include development workstations, content creation tools, 3D asset pipelines, and any application that parses MDL files from potentially untrusted sources. The vulnerability is not remotely exploitable; an attacker must have local file system access or the ability to place a malicious MDL file where the vulnerable application will load it.
Exploitability
Public disclosure has occurred, and the vulnerability is theoretically exploitable by a local user with file system or user-level access. However, practical exploitation requires that an affected application actually attempt to load a specifically crafted MDL file. The attack vector is local with low privileges required, meaning a standard user account suffices. The low complexity and absence of user interaction requirements (UI:N) make this a straightforward privilege-escalation or lateral-movement vector in multi-user systems where trusted applications parse untrusted model files. The limited scope (information disclosure only) reduces real-world impact.
Remediation
Upgrade Assimp to a patched version released after June 2026 that addresses the bounds checking in HL1MDLLoader::read_sequence_infos. Consult the official Assimp repository and release notes to identify the minimum patched version for your Assimp 6.x line. Until patching is feasible, restrict loading of MDL files to trusted sources, disable MDL loader support if not required, and enforce strict file-type validation before passing files to Assimp. For embedded deployments, consider sandboxing the file-parsing process.
Patch guidance
Monitor the official Assimp GitHub repository (https://github.com/assimp/assimp) for security advisories and version releases that resolve CVE-2026-10233. The vulnerability affects the HL1MDL loader specifically, so ensure that updates to your Assimp dependency include fixes to HL1MDLLoader.cpp. Verify the patched version against the vendor's security advisory before deployment. If you maintain a private fork of Assimp, apply the upstream fix from the official repository to your HL1MDLLoader.cpp file and re-test MDL parsing workflows.
Detection guidance
Monitor application logs and system calls for attempts to load or parse Half-Life 1 MDL files in environments where such files are unexpected. Use static analysis tools (SAST) to scan dependent code and confirm which version of Assimp is linked. Implement software composition analysis (SCA) in your build pipeline to flag Assimp versions up to 6.0.4. If feasible, log file-open operations for .mdl extensions and correlate with the Assimp library loading. Memory access tools (ASAN, Valgrind) during testing can help detect out-of-bounds reads during development.
Why prioritize this
Despite public disclosure, this vulnerability scores LOW (3.3 CVSS) and should be deprioritized relative to critical and high-severity issues. Prioritization rises only if: (1) your organization uses Assimp in production customer-facing tools; (2) those tools accept untrusted 3D model uploads; or (3) a shared development environment runs Assimp where local privilege escalation or lateral movement is a concern. For most enterprises, standard quarterly patching is appropriate. High-priority only if Assimp is embedded in internet-exposed services.
Risk score, explained
The CVSS 3.1 score of 3.3 (LOW) reflects: local attack vector (AV:L) requiring user-level privileges (PR:L), low complexity, no user interaction, and confidentiality impact only (C:L/I:N/A:N). The vulnerability cannot cause denial of service or data modification, limiting fallout to information disclosure of process memory. The public disclosure does increase likelihood of exploitation, but local-only accessibility and the need for file-system interaction significantly constrain threat breadth. Score appropriately reflects a minor risk in most threat models.
Frequently asked questions
Can this vulnerability be exploited remotely over the network?
No. The vulnerability requires local file system access to place or supply a malicious MDL file that will be parsed by an application using vulnerable Assimp versions. Remote exploitation is not possible via network protocols.
What data could an attacker read if they exploit this out-of-bounds read?
The attacker could read adjacent memory regions within the process space—typically heap or stack data. The extent and sensitivity of exposed information depend on what other data is resident in memory at the time of exploitation. In worst case, this could include unencrypted keys, session tokens, or other sensitive process state, but attackers cannot predict or fully control what is leaked.
Is this vulnerability included in CISA's Known Exploited Vulnerabilities (KEV) catalog?
No, CVE-2026-10233 is not currently listed in the CISA KEV catalog, indicating no verified evidence of active exploitation in the wild. Public disclosure has occurred, so responsible monitoring is still warranted, but the absence from KEV suggests real-world adoption by threat actors remains limited.
What applications should I be most concerned about?
Focus on applications that directly integrate Assimp to load 3D models, particularly those handling user-supplied or untrusted MDL files. Examples include 3D editors, game engines using Assimp for asset import, CAD software, and multimedia pipelines. Standard productivity tools that do not parse 3D models are unaffected.
This analysis is based on publicly available vulnerability data current as of the publish date. CVSS scores, KEV status, and affected product versions reflect authoritative sources including NVD and vendor advisories. Patch version numbers and remediation steps should be validated against official vendor releases before implementation. This document is for informational purposes and does not constitute professional security advice. Organizations should conduct their own risk assessment based on their specific environment, threat model, and use of Assimp or dependent software. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10267LOWOut-of-Bounds Read in Janet Language Debug Frame Handling
- CVE-2026-10528LOWOrthanc DICOM Server Stack Buffer Overflow – Patch Guidance
- CVE-2025-41278HIGHWaterfall WF-500 RX Host Out-of-Bounds Read Remote Code Execution
- CVE-2025-70101MEDIUMlwext4 1.0.0 Out-of-Bounds Read Denial of Service
- CVE-2026-0076HIGHAndroid ResourceTypes.cpp Out-of-Bounds Read Privilege Escalation
- CVE-2026-10017HIGHChrome Sandbox Escape via Out-of-Bounds Read in Headless Mode
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability