{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10229", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-31T08:10:54.492Z", "datePublished": "2026-06-01T05:45:07.021Z", "dateUpdated": "2026-06-01T14:54:34.944Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-01T05:45:07.021Z"}, "title": "Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "Assimp", "versions": [{"version": "6.0.0", "status": "affected"}, {"version": "6.0.1", "status": "affected"}, {"version": "6.0.2", "status": "affected"}, {"version": "6.0.3", "status": "affected"}, {"version": "6.0.4", "status": "affected"}], "cpes": ["cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"], "modules": ["Half-Life 1 MDL Loader"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-05-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-31T10:16:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "TYGLS (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/367508", "name": "VDB-367508 | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/367508/cti", "name": "VDB-367508 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10229", "name": "CVE-2026-10229 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/821189", "name": "Submit #821189 | Assimp commit 17c12da Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6614", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/27194364/poc.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-01T14:54:28.357469Z", "id": "CVE-2026-10229", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T14:54:34.944Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10229", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-01T14:54:28.357469Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T14:54:31.179Z"}}], "cna": {"title": "Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "TYGLS (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Half-Life 1 MDL Loader"], "product": "Assimp", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.0.3"}, {"status": "affected", "version": "6.0.4"}]}], "timeline": [{"lang": "en", "time": "2026-05-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-31T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-31T10:16:10.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/367508", "name": "VDB-367508 | Assimp Half-Life 1 MDL Loader HL1MDLLoader.cpp read_meshes heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/367508/cti", "name": "VDB-367508 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-10229", "name": "CVE-2026-10229 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/821189", "name": "Submit #821189 | Assimp commit 17c12da Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6614", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/27194364/poc.zip", "tags": ["exploit"]}, {"url": "https://github.com/assimp/assimp/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-01T05:45:07.021Z"}}}, "cveMetadata": {"cveId": "CVE-2026-10229", "state": "PUBLISHED", "dateUpdated": "2026-06-01T14:54:34.944Z", "dateReserved": "2026-05-31T08:10:54.492Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-01T05:45:07.021Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug."}], "id": "CVE-2026-10229", "lastModified": "2026-06-01T15:15:37.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-06-01T08:16:19.037", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/"}, {"source": "cna@vuldb.com", "url": "https://github.com/assimp/assimp/issues/6614"}, {"source": "cna@vuldb.com", "url": "https://github.com/user-attachments/files/27194364/poc.zip"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/cve/CVE-2026-10229"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/821189"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/367508"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/367508/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Assimp: Heap-based buffer overflow in Half-Life 1 MDL Loader", "id": "2486785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486785"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-120", "details": ["A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.", "A flaw was found in Assimp, a library used for importing and exporting various 3D model formats. This vulnerability, a heap-based buffer overflow, exists within the HL1MDLLoader::read_meshes function of the Half-Life 1 MDL Loader component. A local attacker could exploit this by providing specially crafted input, which may lead to a denial of service, information disclosure, or other impacts on system integrity."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-10229", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "qt6-qtquick3d", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-01T05:45:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-10229\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-10229\nhttps://github.com/assimp/assimp/\nhttps://github.com/assimp/assimp/issues/6614\nhttps://github.com/user-attachments/files/27194364/poc.zip\nhttps://vuldb.com/cve/CVE-2026-10229\nhttps://vuldb.com/submit/821189\nhttps://vuldb.com/vuln/367508\nhttps://vuldb.com/vuln/367508/cti"], "statement": "This Moderate flaw in Assimp's Half-Life 1 MDL Loader component, specifically within the HL1MDLLoader::read_meshes function, is a heap-based buffer overflow. Exploitation requires a local attacker to provide specially crafted input, which could lead to denial of service or information disclosure. While the exploit is publicly known, the local attack vector limits its immediate impact on typical Red Hat deployments.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.0.0,6.0.5)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Assimp", "source": "cna", "vendor": "n/a"}, "product": "assimp", "vendor": "assimp"}], "created": "2026-06-01T08:30:24.627974+00:00", "updated": "2026-06-11T01:30:36.647996+00:00", "vendors": ["assimp", "assimp$PRODUCT$assimp"]}