A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project tagged the reported issue as bug.
3.0~dfsg-4ubuntu43.1.1~dfsg-53.2~dfsg-13.2~dfsg-23.2~dfsg-33.3.1~dfsg-53.3.1~dfsg-5+build13.3.1~dfsg-5ubuntu14.0.1~dfsg-14.0.1~dfsg-1~exp24.1.0~dfsg-14.1.0~dfsg-24.1.0~dfsg-34.1.0~dfsg-54.1.0~dfsg-5ubuntu15.0.1~ds0-1build15.0.1~ds0-25.0.1~ds0-3ubuntu15.1.4~ds0-15.1.5~ds0-15.1.6~ds0-15.2.0~ds0-25.2.1~ds0-15.2.2~ds0-15.2.5~ds0-1.1build15.3.1+ds-15.3.1+ds-25.3.1+ds-2build15.4.3+ds-25.4.3+ds-26.0.2+ds-16.0.3+ds-16.0.4+ds-16.0.4+ds-1build1Exploitability
AV:LAC:LAT:NPR:LUI:NVulnerable System
VC:LVI:LVA:LSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P