CVE-2026-10229

A flaw was found in Assimp, a library used for importing and exporting various 3D model formats. This vulnerability, a heap-based buffer overflow, exists within the HL1MDLLoader::readmeshes function of the Half-Life 1 MDL Loader component. A local attacker could exploit this by providing speciall...

SUSE CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

SUSE CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the readmeshes function of the Half-Life 1 MDL Loader component. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted MDL file that triggers a heap-based buff...

DEBIAN-CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

UBUNTU-CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

CVE-2026-10229 Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

DEBIAN-CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the ImportMeshes function of the glTFImporter component. An attacker can cause a denial of service by triggering a null pointer dereference through local access with low privileges. Remediation There is no...

CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

PT-2026-45215

Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5 Description A null pointer dereference occurs in the glTFImporter component within the Assimp::glTFImporter::ImportMeshes function of the glTFImporter.cpp file. This issue allows for local execution attacks...

JLSEC-2026-186

Open Asset Import Library assimp commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes...

JLSEC-2026-197

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

DEBIAN-CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

UBUNTU-CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

CVE-2025-6120 Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

OESA-2024-2360 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A segmentation fault SEGV was detect...

PYSEC-2024-293

A segmentation fault SEGV was detected in the Assimp::SplitLargeMeshesProcessTriangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a...

CVE-2022-38528

Open Asset Import Library assimp commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes...