CVE-2026-10233 | Assimp up to 6.0.4 Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence_infos aiString out-of-bounds (Issue 6619)

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability marked as problematic has been reported in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read.

This vulnerability is documented as CVE-2026-10233. The attack needs to be performed locally. Additionally, an exploit exists.

The project tagged the reported issue as bug.

CVE-2026-10233 | Assimp up to 6.0.4 Half-Life 1 MDL Loader HL1MDLLoader.cpp read_sequence_infos aiString out-of-bounds (Issue 6619)

Post correlati

CVE-2021-1483 | Cisco Catalyst SD-WAN Manager up to 20.4.1.1 Web UI xml external entity reference (cisco-sa-vman-xml-ext-entity-q6Z7uVUg)

CVE-2024-10562 | 10Web Form Maker Plugin up to 1.15.30 on WordPress Setting cross site scripting

CVE-2024-0621 | Simple Share Buttons Adder Plugin up to 8.4.11 on WordPress CSS Setting cross site scripting

CVE-2024-3926 | bdthemes Element Pack Elementor Addons Plugin up to 5.6.1 on WordPress custom_attributes cross site scripting (ID 3066178)