PatchSiren

Open Asset Import Library CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Severity: LOW. Open Asset Import Library CVE, published 2026-06-01.

CVE-2026-10230

A heap-based buffer overflow vulnerability exists in the Open Asset Import Library (Assimp) up to version 6.0.4, specifically within the Half-Life 1 MDL Loader component. The flaw resides in the `Assimp::MDL::HalfLife::HL1MDLLoader::read_animations` function of `HL1MDLLoader.cpp`. Successful exploitation requires local access and low privileges, with no user interaction needed. The vulnerability has been [truncated]