CVE-2026-10229

Assimp up to 6.0.4 is affected by a heap-based buffer overflow in HL1MDLLoader::read_meshes (Half-Life 1 MDL Loader) exposed via a local attack. The vulnerability stems from HL1MDLLoader.cpp and can be triggered by processing specific MDL mesh data. Public exploit disclosure is indicated. The CVE...