2486785 – (CVE-2026-10229) CVE-2026-10229 assimp: Assimp: Heap-based buffer overflow in Half-Life 1 MDL Loader

Bug 2486785 (CVE-2026-10229) - CVE-2026-10229 assimp: Assimp: Heap-based buffer overflow in Half-Life 1 MDL Loader

Summary: CVE-2026-10229 assimp: Assimp: Heap-based buffer overflow in Half-Life 1 MDL ...

Keywords:
Status:	NEW
Alias:	CVE-2026-10229
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2487525
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-09 08:57 UTC by OSIDB Bzimport
Modified:	2026-06-10 13:36 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-09 08:57:17 UTC

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.

Note You need to log in before you can comment on or make changes to this bug.