What is GHSA-h6wx-qjrr-x3rf?

GHSA-h6wx-qjrr-x3rf is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL:...

Which CVE IDs does GHSA-h6wx-qjrr-x3rf cover?

GHSA-h6wx-qjrr-x3rf covers the following CVE IDs: CVE-2026-10230. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-h6wx-qjrr-x3rf?

GHSA-h6wx-qjrr-x3rf has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-h6wx-qjrr-x3rfLowCVSS 5.3

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL:...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-10230 →

📋 Description

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The project tagged the reported issue as bug.

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-10230
https://github.com/assimp/assimp/issues/6615
https://github.com/assimp/assimp
https://vuldb.com/cve/CVE-2026-10230
https://vuldb.com/submit/821190
https://vuldb.com/vuln/367509
https://vuldb.com/vuln/367509/cti
https://github.com/advisories/GHSA-h6wx-qjrr-x3rf